audit follow-up: burn down lint hotspots and dedupe channel gating flows
This commit is contained in:
William Valentin
@@ -19,8 +19,8 @@ Scope: Production-risk-first audit of bugs, code improvements, and feature oppor
|
||||
- ✅ F-003 addressed: tool execution now has an `AbortSignal` contract, executor triggers abort on timeout, high-risk tools (`shell.exec`, sandbox docker exec, `process.start`, browser tools, `web.fetch`, `web.search`) respond to cancellation, and executor regression tests verify cancellable tools do not apply side effects after timeout.
|
||||
- ✅ F-015 addressed: retry defaults no longer classify timeout-style failures as non-retryable, improving resilience for transient timeout conditions.
|
||||
- ✅ F-011 addressed: Slack user-name resolution now uses bounded TTL+LRU caching to prevent unbounded growth.
|
||||
- ◑ F-013 partially addressed: reset-command normalization is now shared across Discord/Slack/WhatsApp adapters via `src/channels/utils.ts`, reducing duplicated command-parsing logic.
|
||||
- ◑ F-004 partially addressed: lint error baseline is restored (`pnpm lint` now passes with 0 errors), while warning-burn-down remains open.
|
||||
- ✅ F-013 addressed: shared channel utilities now cover reset normalization/building plus reusable allowlist, mention-gating, and pairing-gating flows across Discord/Slack/WhatsApp adapters.
|
||||
- ◑ F-004 partially addressed: lint error baseline is restored (`pnpm lint` now passes with 0 errors) and warning burn-down has progressed from `466` to `323`; additional warning debt remains.
|
||||
|
||||
## Executive Summary
|
||||
|
||||
@@ -28,14 +28,14 @@ Current health snapshot:
|
||||
- `pnpm typecheck`: passing
|
||||
- `pnpm build`: passing
|
||||
- `pnpm test:run`: passing (`140/140` files, `1773/1773` tests)
|
||||
- `pnpm lint`: passing with warnings only (`0 errors`, `466 warnings`)
|
||||
- `pnpm lint`: passing with warnings only (`0 errors`, `323 warnings`)
|
||||
|
||||
Top conclusions:
|
||||
- A critical Web UI security issue exists in markdown rendering (unsanitized HTML insertion).
|
||||
- Runtime configuration edits from the settings page appear non-persistent across restart.
|
||||
- Tool timeout behavior likely allows underlying side effects to continue after timeout.
|
||||
- Gateway request-body handling and WebSocket ingress controls need abuse protections.
|
||||
- Lint error-level gate is restored, but warning debt remains high.
|
||||
- Lint error-level gate is restored, and warning debt is trending down but still high.
|
||||
|
||||
## Methodology and Scope
|
||||
|
||||
@@ -126,7 +126,7 @@ Remediation update (2026-02-16):
|
||||
- Severity: Medium
|
||||
- Impact: CI noise, reduced confidence in static analysis, and slower defect detection.
|
||||
- Evidence:
|
||||
- `pnpm -s lint` => `0 errors`, `466 warnings`
|
||||
- `pnpm -s lint` => `0 errors`, `323 warnings`
|
||||
- Error concentration:
|
||||
- `src/daemon/models.ts` (90 errors)
|
||||
- `src/cli/tui.ts` (25 errors)
|
||||
@@ -145,7 +145,10 @@ Remediation update (2026-02-16):
|
||||
|
||||
Remediation update (2026-02-16):
|
||||
- Stage 1 complete: fixed all error-level ESLint violations in impacted high-error files so `pnpm lint` now passes with `0` errors.
|
||||
- Stage 2 in progress: warning-burn-down reduced to `466` warnings via targeted low-risk test cleanup (non-null assertion removal).
|
||||
- Stage 2 in progress: warning-burn-down reduced to `323` warnings via targeted hotspot cleanup in:
|
||||
- `src/gateway/handlers/handlers.test.ts`
|
||||
- `src/daemon/routing.test.ts`
|
||||
- `src/frontends/tui/minimal.test.ts`
|
||||
|
||||
### F-005 Medium: ESLint browser globals mismatch causes avoidable UI lint failures
|
||||
|
||||
@@ -267,8 +270,9 @@ Remediation update (2026-02-16):
|
||||
- Extract shared middleware utilities for common inbound/outbound behaviors.
|
||||
|
||||
Remediation update (2026-02-16):
|
||||
- Added shared `normalizeResetCommandText()` utility and migrated Discord/Slack/WhatsApp adapters to use it, reducing repeated reset-command parsing logic.
|
||||
- Added shared `buildResetInboundMessage()` utility and migrated Discord/Slack/WhatsApp adapters to use it, reducing repeated reset-metadata construction logic.
|
||||
- Added shared `normalizeResetCommandText()` + `buildResetInboundMessage()` utilities and migrated Discord/Slack/WhatsApp adapters to use them.
|
||||
- Added shared `isAllowedByAllowlist()`, `shouldIgnoreForMissingMention()`, and `allowTrustedOrPairedSender()` channel utilities.
|
||||
- Migrated Discord/Slack/WhatsApp adapters to use shared allowlist, mention-gating, and pairing-gating flows with adapter-specific transport hooks.
|
||||
|
||||
### F-014 Low: ModelRouter listener API has destructive setter footgun
|
||||
|
||||
@@ -449,7 +453,7 @@ pnpm -s lint
|
||||
|
||||
Observed outcomes:
|
||||
- Typecheck/build/test: passing.
|
||||
- Lint: passing with warnings only (`0` errors, `466` warnings).
|
||||
- Lint: passing with warnings only (`0` errors, `323` warnings).
|
||||
|
||||
Historical pre-remediation lint error concentration snapshot:
|
||||
- `src/daemon/models.ts`: 90 errors
|
||||
|
||||
Reference in New Issue
Block a user