dstalk

pulsareon/dstalk

Fork 0

Commit Graph

Author	SHA1	Message	Date
XiuChengWu	47082376ef	Wave 10: deep audits of 5 unaudited plugins, smoke regression set (W13.1-W13.6) Some checks failed CI / Determine matrix (push) Has been cancelled Details CI / ${{ matrix.os }} / ${{ matrix.build_type }} (push) Has been cancelled Details - W13.1 anthropic_plugin (architect-yang, 497 lines): rated C. 6 C ABI functions lack try/catch (§8 violation); my_chat leaks response_body on error path; tool_use response silently dropped. - W13.2 deepseek_plugin (engineer-sun, 486 lines): rated C+. 7 ABI entries unprotected including json::parse paths (malformed JSON terminates); SSE [DONE] sentinel match brittle; ~55% code overlap with anthropic suggests an ai_plugin_base extraction. - W13.3 network_plugin (qa-wang, 322 lines): rated C. CRITICAL: TLS certificate verification fully disabled (set_verify_mode never called, default verify_none accepts any cert) — all AI traffic incl. api_key is MITM-vulnerable. DNS resolve has no timeout; catch lacks (...). - W13.4 lsp_plugin (architect-huang, 749 lines): rated C. CRITICAL: guaranteed deadlock at L519-526 → L547 (g_lsp_impl_start holds mutex then calls g_lsp_impl_stop which re-locks the same non-recursive mutex); 7 vtable funcs unprotected; server→client requests dropped. - W13.5 session+tools (security-cao, 264+251 lines): rated D+/D. Path traversal in builtin_file_read/write (zero validation); global static state in both plugins lacks mutex (UAF risk); 9 vtable funcs lack try/catch. - W13.6 smoke regression (qa-xu, +193 lines): 4 new cases — context max_tokens trim, config dual-store consistency (exposes that W12.2 merge is incomplete: dstalk_config_set→config_service.get returns null), HTTP error path no-crash, repeated init/shutdown cycle. Verified: cmake build 0 error 0 warning, ctest 4/4 pass. Top W14 priorities surfaced: TLS verification (W13.3), LSP deadlock (W13.4), file-tool path traversal (W13.5), config dual-store still broken (W13.6 R2), shared try/catch wrapper across all AI plugins. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-05-27 09:32:13 +08:00
XiuChengWu	004a81db96	Wave 7: collaboration framework hardening (W10.1-W10.4) Some checks failed CI / Determine matrix (push) Has been cancelled Details CI / ${{ matrix.os }} / ${{ matrix.build_type }} (push) Has been cancelled Details Pure agents/ documentation work — first contributions from 4 previously-idle members (yang/li/zhu/xu). - W10.1 yang: WORKFLOW §11-§13 — collaboration state machine (9 states / 16 transitions), 10-item acceptance checklist, 7-scenario failure rollback playbook (+227 lines) - W10.2 li: agents/STATUS.md — live roster + group + Wave progress snapshot (65 lines) - W10.3 zhu: agents/PROMPT_TEMPLATE.md — subagent prompt template with 6 anti-patterns + 1 worked example + 4-step pre-dispatch checklist (193 lines) - W10.4 xu: agents/POSTMORTEM.md — 5 incident records (PM-001 stale-obj, PM-002 boost-json, PM-003 cross-DLL-heap, PM-004 loader-fail-fast, PM-005 push-force) + 7 defensive rules (172 lines) No code changes. WORKFLOW.md §9 has a pointer to the new PROMPT_TEMPLATE.md. STATUS.md updated to reflect W10.1 completion (yang status flipped working→idle). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-05-27 05:52:02 +08:00
XiuChengWu	4433218853	Add multi-agent collaboration system with 16-person team and two-tier governance - agents/README.md documents company principles (first principles + practical delivery), 6-stage collaboration flow, and two-tier governance: CEO has highest priority and final say; work groups self-govern internally for staffing, scheduling, technical choices within CEO-defined boundaries. - 16 employees recruited to match CPU physical core count, enabling up to 16 subagents to run in parallel. Each profile.md has independent name, background, strengths, weaknesses, and performance log. - Roles: 1 CEO, 3 architects (lin/yang/huang), 5 engineers (zhao/chen/li/ zhou/sun), 3 QA (wang/liu/xu), 2 DevOps (ma/hu), 1 designer (zhu), 1 writer (deng), 1 security (cao). - Five working groups defined under agents/groups/: grp-quality-core, grp-ai-plugins, grp-cli-ux (B3), grp-build-matrix, grp-security-audit. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-05-27 05:13:12 +08:00

Author

SHA1

Message

Date

XiuChengWu

47082376ef

Wave 10: deep audits of 5 unaudited plugins, smoke regression set (W13.1-W13.6)

CI / Determine matrix (push) Has been cancelled

Details

CI / ${{ matrix.os }} / ${{ matrix.build_type }} (push) Has been cancelled

Details

- W13.1 anthropic_plugin (architect-yang, 497 lines): rated C. 6 C ABI
  functions lack try/catch (§8 violation); my_chat leaks response_body on
  error path; tool_use response silently dropped.
- W13.2 deepseek_plugin (engineer-sun, 486 lines): rated C+. 7 ABI entries
  unprotected including json::parse paths (malformed JSON terminates);
  SSE [DONE] sentinel match brittle; ~55% code overlap with anthropic
  suggests an ai_plugin_base extraction.
- W13.3 network_plugin (qa-wang, 322 lines): rated C. CRITICAL: TLS
  certificate verification fully disabled (set_verify_mode never called,
  default verify_none accepts any cert) — all AI traffic incl. api_key
  is MITM-vulnerable. DNS resolve has no timeout; catch lacks (...).
- W13.4 lsp_plugin (architect-huang, 749 lines): rated C. CRITICAL:
  guaranteed deadlock at L519-526 → L547 (g_lsp_impl_start holds mutex
  then calls g_lsp_impl_stop which re-locks the same non-recursive
  mutex); 7 vtable funcs unprotected; server→client requests dropped.
- W13.5 session+tools (security-cao, 264+251 lines): rated D+/D. Path
  traversal in builtin_file_read/write (zero validation); global
  static state in both plugins lacks mutex (UAF risk); 9 vtable funcs
  lack try/catch.
- W13.6 smoke regression (qa-xu, +193 lines): 4 new cases — context
  max_tokens trim, config dual-store consistency (exposes that W12.2
  merge is incomplete: dstalk_config_set→config_service.get returns
  null), HTTP error path no-crash, repeated init/shutdown cycle.

Verified: cmake build 0 error 0 warning, ctest 4/4 pass.

Top W14 priorities surfaced: TLS verification (W13.3), LSP deadlock
(W13.4), file-tool path traversal (W13.5), config dual-store still
broken (W13.6 R2), shared try/catch wrapper across all AI plugins.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2026-05-27 09:32:13 +08:00

XiuChengWu

004a81db96

Wave 7: collaboration framework hardening (W10.1-W10.4)

CI / Determine matrix (push) Has been cancelled

Details

CI / ${{ matrix.os }} / ${{ matrix.build_type }} (push) Has been cancelled

Details

Pure agents/ documentation work — first contributions from 4
previously-idle members (yang/li/zhu/xu).

- W10.1 yang: WORKFLOW §11-§13 — collaboration state machine
  (9 states / 16 transitions), 10-item acceptance checklist,
  7-scenario failure rollback playbook (+227 lines)
- W10.2 li: agents/STATUS.md — live roster + group + Wave
  progress snapshot (65 lines)
- W10.3 zhu: agents/PROMPT_TEMPLATE.md — subagent prompt
  template with 6 anti-patterns + 1 worked example +
  4-step pre-dispatch checklist (193 lines)
- W10.4 xu: agents/POSTMORTEM.md — 5 incident records
  (PM-001 stale-obj, PM-002 boost-json, PM-003 cross-DLL-heap,
  PM-004 loader-fail-fast, PM-005 push-force) + 7 defensive
  rules (172 lines)

No code changes. WORKFLOW.md §9 has a pointer to the new
PROMPT_TEMPLATE.md. STATUS.md updated to reflect W10.1
completion (yang status flipped working→idle).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2026-05-27 05:52:02 +08:00

XiuChengWu

4433218853

Add multi-agent collaboration system with 16-person team and two-tier governance

- agents/README.md documents company principles (first principles + practical
  delivery), 6-stage collaboration flow, and two-tier governance: CEO has
  highest priority and final say; work groups self-govern internally for
  staffing, scheduling, technical choices within CEO-defined boundaries.
- 16 employees recruited to match CPU physical core count, enabling up to
  16 subagents to run in parallel. Each profile.md has independent name,
  background, strengths, weaknesses, and performance log.
- Roles: 1 CEO, 3 architects (lin/yang/huang), 5 engineers (zhao/chen/li/
  zhou/sun), 3 QA (wang/liu/xu), 2 DevOps (ma/hu), 1 designer (zhu),
  1 writer (deng), 1 security (cao).
- Five working groups defined under agents/groups/: grp-quality-core,
  grp-ai-plugins, grp-cli-ux (B3), grp-build-matrix, grp-security-audit.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2026-05-27 05:13:12 +08:00

3 Commits