- W15.4 (杨帆): §11/§14 cross-reference audit — PASS-WITH-NOTES, 3 fixes needed
- W15.5 (王测): §14 internal consistency — PASS-WITH-NOTES, 4 fixes needed
- W15.6 (胡桐): self-check script + YAML verification — PASS
- W15.7 (杨帆): Add E7 (no OPEN CRITICAL) to EXPRESS conditions, update T11 to include §14.4 A1-A4, add T18 finding status in §14.5
- W15.8 (王测): Fix findings-registry Close Date, add historical finding time-limit rule, add legacy audit Findings Summary note, add Fixes annotation to PROMPT_TEMPLATE
- W15.9 (胡桐): Fix false-positive warning in check_agents_metadata.py (skip audits/ dir), add metadata check to §5

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
41 lines
2.8 KiB
Markdown
# Audit Findings Registry

> **Maintainer**: grp-quality-core (王测)
> **Format definition**: see `agents/WORKFLOW.md` §14.2
> **Last updated**: 2026-05-27 (W15.2 initialization, extracted from the W11.1/W11.7 audit reports)

---

## Open Findings

| ID | Severity | Source | Title | Status | Assigned To | Fix Wave | Verified By |
|----|----------|--------|-------|--------|-------------|----------|-------------|
| F-11.7-1 | CRITICAL | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `build/bin/dstalk-cli.exe` corrupt copy (MD5 d8e8c92b vs 803ca2ea); all commands treated as AI prompt, exit code always 3 | OPEN | — | — | — |
| F-11.7-2 | MEDIUM | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/clear` reports [OK] even when session unavailable (g_session==null) — main.cpp:168-172 | OPEN | — | — | — |
| F-11.7-3 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/context` silent no-output when session unavailable; no else branch — main.cpp:175-185 | OPEN | — | — | — |
| F-11.7-4 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/file write` (no args) matched as unknown command instead of usage hint | OPEN | — | — | — |
| F-11.1-1 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | C++ exception (`std::bad_alloc`) crosses the ABI boundary, violating plugin-abi §5.3; trim_impl (L114-226) has no try/catch → std::terminate() | OPEN | — | — | — |
| F-11.1-2 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | strdup return value unchecked; silent failure + leak on OOM; 4 strdup calls inside the loops at L138-141/L219-222 have no nullptr check | OPEN | — | — | — |
| F-11.1-3 | MEDIUM | [W11.1-context-audit.md](W11.1-context-audit.md) | context_set_max_tokens is a dead API; g_max_tokens is never read (L21/L243-244) | OPEN | — | — | — |
| F-11.1-4 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | UTF-8 decoding has no out-of-bounds protection (L42-64, L96-104); multi-byte sequences assume the continuation bytes are valid | OPEN | — | — | — |
| F-11.1-5 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | Token-counting logic duplicated (L34-68 vs L91-106, ~90% duplicate) | OPEN | — | — | — |
| F-11.1-6 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | 0xC0/0xC1 overlong encodings not recognized (L52, L100); only affects the token estimate count | OPEN | — | — | — |

---

## Closed Findings

> The Closed Findings table must include a Close Date field (format YYYY-MM-DD) recording the date the finding was closed. See WORKFLOW.md §14.1 for the field definition.

| ID | Severity | Source | Title | Close Date | Fix Wave | Verified By |
|----|----------|--------|-------|-------------|----------|-------------|
| — | — | — | No closed findings yet | — | — | — |

---

## Change Log

| Date | Change | Author |
|------|--------|--------|
| 2026-05-27 | W15.2 initialization; extracted 10 findings from W11.1/W11.7 | 王测 (qa-wang) |