5 Commits

Author	SHA1	Message	Date
XiuChengWu	f010af6c07	W15: conflict resolution — E7 CRITICAL gate, T11/T18 audit refs, §5 metadata check, PROMPT_TEMPLATE Fixes (W15.4-W15.9) ... - W15.4 (杨帆): §11/§14 cross-reference audit — PASS-WITH-NOTES, 3 fixes needed - W15.5 (王测): §14 internal consistency — PASS-WITH-NOTES, 4 fixes needed - W15.6 (胡桐): self-check script + YAML verification — PASS - W15.7 (杨帆): Add E7 (no OPEN CRITICAL) to EXPRESS conditions, update T11 to include §14.4 A1-A4, add T18 finding status in §14.5 - W15.8 (王测): Fix findings-registry Close Date, add historical finding time-limit rule, add legacy audit Findings Summary note, add Fixes annotation to PROMPT_TEMPLATE - W15.9 (胡桐): Fix false-positive warning in check_agents_metadata.py (skip audits/ dir), add metadata check to §5 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-27 18:33:02 +08:00
XiuChengWu	0e41c8c6f6	W15: workflow improvements — EXPRESS fast-path, audit→fix closed loop, metadata self-check (W15.1-W15.3) ... - W15.1 (杨帆): Add EXPRESS fast-path to §11 state machine (T17/T18, E1-E6 conditions, escalation safety valve) - W15.2 (王测): Add §14 audit→fix closed loop — findings-registry.md, severity-driven auto-triage, CRITICAL blocking rule - W15.3 (胡桐): Create scripts/check_agents_metadata.py (5-check: YAML parse, rating range, group/member refs, duplicate IDs) - Fix YAML orphan bugs in 3 profiles: devops-hu, engineer-sun, security-cao (perf_log entries outside array) - Pre-fill findings-registry.md with 10 historical findings from W11.1/W11.7 audits Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-27 18:19:37 +08:00
XiuChengWu	47082376ef	Wave 10: deep audits of 5 unaudited plugins, smoke regression set (W13.1-W13.6) ... - W13.1 anthropic_plugin (architect-yang, 497 lines): rated C. 6 C ABI functions lack try/catch (§8 violation); my_chat leaks response_body on error path; tool_use response silently dropped. - W13.2 deepseek_plugin (engineer-sun, 486 lines): rated C+. 7 ABI entries unprotected including json::parse paths (malformed JSON terminates); SSE [DONE] sentinel match brittle; ~55% code overlap with anthropic suggests an ai_plugin_base extraction. - W13.3 network_plugin (qa-wang, 322 lines): rated C. CRITICAL: TLS certificate verification fully disabled (set_verify_mode never called, default verify_none accepts any cert) — all AI traffic incl. api_key is MITM-vulnerable. DNS resolve has no timeout; catch lacks (...). - W13.4 lsp_plugin (architect-huang, 749 lines): rated C. CRITICAL: guaranteed deadlock at L519-526 → L547 (g_lsp_impl_start holds mutex then calls g_lsp_impl_stop which re-locks the same non-recursive mutex); 7 vtable funcs unprotected; server→client requests dropped. - W13.5 session+tools (security-cao, 264+251 lines): rated D+/D. Path traversal in builtin_file_read/write (zero validation); global static state in both plugins lacks mutex (UAF risk); 9 vtable funcs lack try/catch. - W13.6 smoke regression (qa-xu, +193 lines): 4 new cases — context max_tokens trim, config dual-store consistency (exposes that W12.2 merge is incomplete: dstalk_config_set→config_service.get returns null), HTTP error path no-crash, repeated init/shutdown cycle. Verified: cmake build 0 error 0 warning, ctest 4/4 pass. Top W14 priorities surfaced: TLS verification (W13.3), LSP deadlock (W13.4), file-tool path traversal (W13.5), config dual-store still broken (W13.6 R2), shared try/catch wrapper across all AI plugins. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-05-27 09:32:13 +08:00
XiuChengWu	004a81db96	Wave 7: collaboration framework hardening (W10.1-W10.4) ... Pure agents/ documentation work — first contributions from 4 previously-idle members (yang/li/zhu/xu). - W10.1 yang: WORKFLOW §11-§13 — collaboration state machine (9 states / 16 transitions), 10-item acceptance checklist, 7-scenario failure rollback playbook (+227 lines) - W10.2 li: agents/STATUS.md — live roster + group + Wave progress snapshot (65 lines) - W10.3 zhu: agents/PROMPT_TEMPLATE.md — subagent prompt template with 6 anti-patterns + 1 worked example + 4-step pre-dispatch checklist (193 lines) - W10.4 xu: agents/POSTMORTEM.md — 5 incident records (PM-001 stale-obj, PM-002 boost-json, PM-003 cross-DLL-heap, PM-004 loader-fail-fast, PM-005 push-force) + 7 defensive rules (172 lines) No code changes. WORKFLOW.md §9 has a pointer to the new PROMPT_TEMPLATE.md. STATUS.md updated to reflect W10.1 completion (yang status flipped working→idle). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-05-27 05:52:02 +08:00
XiuChengWu	4433218853	Add multi-agent collaboration system with 16-person team and two-tier governance ... - agents/README.md documents company principles (first principles + practical delivery), 6-stage collaboration flow, and two-tier governance: CEO has highest priority and final say; work groups self-govern internally for staffing, scheduling, technical choices within CEO-defined boundaries. - 16 employees recruited to match CPU physical core count, enabling up to 16 subagents to run in parallel. Each profile.md has independent name, background, strengths, weaknesses, and performance log. - Roles: 1 CEO, 3 architects (lin/yang/huang), 5 engineers (zhao/chen/li/ zhou/sun), 3 QA (wang/liu/xu), 2 DevOps (ma/hu), 1 designer (zhu), 1 writer (deng), 1 security (cao). - Five working groups defined under agents/groups/: grp-quality-core, grp-ai-plugins, grp-cli-ux (B3), grp-build-matrix, grp-security-audit. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-05-27 05:13:12 +08:00