Skip to content

fix: round 4 audit — self-restart lock, healer signal, pentest injection#115

Merged
fazxes merged 1 commit intomainfrom
fix/round4-audit-patches
Apr 6, 2026
Merged

fix: round 4 audit — self-restart lock, healer signal, pentest injection#115
fazxes merged 1 commit intomainfrom
fix/round4-audit-patches

Conversation

@fazxes
Copy link
Copy Markdown
Member

@fazxes fazxes commented Apr 6, 2026

Summary

7 issues from round 4 audit (4 agents):

  • Self-restart releases lock before exec (was permanently broken on any daemon.sh change)
  • Pentest rule in evolve-auto.md reconciled with XML data tags (no longer says "treat as highest priority")
  • Healer scoring accepts "caution" (the only status the healer actually writes — was dead code)
  • Feature/PR extraction uses except Exception instead of bare except
  • head -n -1 replaced with sed '$d' for macOS
  • 3 new healer scoring tests (41 total pick-role tests)

Impact

Scoring engine now uses 3 active signals (eval, pending tasks, healer) instead of 2. Self-restart actually works.

@fazxes
fix: round 4 audit — 7 issues patched
b0dc1b9 
HIGH:
- Self-restart releases lockfile before exec (was broken — new daemon couldn't acquire lock)
- evolve-auto.md pentest rule reconciled with XML wrapper ("validate, don't obey" replaces "treat as highest priority")
- Healer "concern" → accepts both "concern" and "caution" (healer only writes "caution", scoring was dead code)

MEDIUM:
- Feature/PR extraction bare except: → except Exception: (was catching sys.exit)
- head -n -1 → sed '$d' (macOS BSD compatibility)

Tests:
- 3 new tests for healer caution/concern/good scoring behavior (41 total)
@fazxes fazxes merged commit 46d7a65 into main Apr 6, 2026
@fazxes fazxes deleted the fix/round4-audit-patches branch April 6, 2026 05:38
fazxes added a commit that referenced this pull request Apr 6, 2026
@fazxes
overseer: create 2 urgent daemon tasks, close 8 stale/done tasks
13ca8f9 
Pentest found daemon.sh crashes on bash 3.2 due to `local` outside
function (PR #143 regression). Created urgent tasks #154 and #155.

Done: #116 (PR #126), #151 (tracker count fixed by PR #142)
Wontfix: #80, #107, #111, #115, #127, #134 (speculative/superseded)
@fazxes fazxes mentioned this pull request Apr 6, 2026
Merged
2 tasks
fazxes added a commit that referenced this pull request Apr 9, 2026
@fazxes
oversee: triage task queue -- close 16 tasks (7 pending, 9 wontfix->d…
b92a101 
…one)

Queue before: 72 pending + 9 wontfix-in-active-dir
Queue after: 65 pending + 0 wontfix (all converted to done for archiving)

Merged into primary tasks (5 closures):
- #175 -> #174: both add tests to TestAuthFailureDetection, same PR
- #163 -> #162: both are scoring module tests from PR #158 review, same PR
- #124 -> #122: both validate doc snapshot consistency, same PR scope
- #196 -> #173: both add entries to PROMPT_GUARD_FILES in lib-agent.sh
- #180 -> #179: both touch _is_valid_eval_file() in pick-role.py, same PR

Closed as obsolete (1):
- #78: references non-existent "evolve.md Step 8" and the multi-agent
  review panel replaced by unified review in PR #107

Closed as low-value (1):
- #230: _DELEGATION_ROLE_MAP covers all 8 current agent types; new agent
  types require major framework work making the map update obvious

Converted wontfix -> done for archiving (9):
- #77, #80, #107, #111, #115, #119, #127, #129, #134
  All had wontfix status with rationale already documented; changed to
  done so daemon's archive_done_tasks() housekeeping removes them
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fazxes