Claude/ai agentic roadmap l ej3l#1
Draft
andypost wants to merge 2 commits into
Draft
Conversation
Add planning documents covering the fork's direction and priorities: Roadmap docs: - README.md — index and navigation hub - unit-roadmap.md — cross-cutting platform work, core daemon, governance - unit-maintainer.md — maintainer-facing synthesis, priorities, backlog - unit-php.md — PHP ZTS worker pool, persistent worker, TrueAsync - unit-python.md — free-threaded 3.13t, subinterpreters, ASGI/WSGI - unit-ruby.md — thread pool, Ractors, Fiber scheduler, YJIT - unit-cron.md — scheduler/cron primitive for framework tasks - unit-arm32.md — armv7/armhf SIGBUS/alignment investigation - unit-todos.md — ~90 TODO/FIXME/HACK markers inventory - unit-wasm.md — WASM backends, WASI component model, OCI distribution Core changes: - nxt_conf.h — add new config validation helpers - nxt_conf_validation.c — expand validation for routes, targets, TLS - nxt_controller.c — wire up new validation entry points Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Surfaces the delta between the public roadmap (unit-roadmap.md / unit-maintainer.md) and the maintainer's Telegram-derived vision (maintainer-from-telegram.md), then reprioritizes existing X*/D*/W* items into a predictable quarterly schedule aimed at AI-agent hosts: sandboxed tool calls, scheduled agent jobs, capability-gated WASI components, co-located wasi-nn inference, OCI-distributed bundles, and signed-component supply-chain trust. No new roadmap primitives are introduced; the AI-agentic stream runs parallel to the PHP / Python / Ruby tracks and reuses their shared cross-cutting outputs. https://claude.ai/code/session_013Njm6J7bxsyaus96EUHpir
andypost
added a commit
that referenced
this pull request
May 11, 2026
Audit-driven hardening pass clustered around the trust boundary where
one process writes a struct into shared memory and another process
reads it. Five findings (security-audit.md V5/V10), one helper per
file, no public-API or libunit-ABI changes.
V5 [High] chunk_id no bounds check (src/nxt_port_memory.c:698 on
master @ 7b12696). Peer-supplied chunk_id was passed to
nxt_port_mmap_chunk_start() without checking against
PORT_MMAP_CHUNK_COUNT, yielding an OOB pointer. Reject in
nxt_port_mmap_get_incoming_buf() before pointer arithmetic.
V5 [High] chunk_id + nchunks past mapped region (line 701).
nchunks is computed from untrusted mmap_msg->size; a peer
could land b->mem.end past the mapped segment. Combined
with #1 above into a single overflow-safe range check
(chunk_id + nchunks <= PORT_MMAP_CHUNK_COUNT, written as
nchunks <= PORT_MMAP_CHUNK_COUNT - chunk_id after the
chunk_id bound holds).
V5 [Medium] TOCTOU on shmem mmap_id lookup (lines 676-678).
process->incoming.mutex was released between locating
mmap_handler and the caller's first dereference of
mmap_handler->hdr; a concurrent peer-side close could free
the handler in that window. nxt_port_get_port_incoming_mmap
now bumps the existing atomic refcount under the mutex; the
sole caller adopts the reference (the redundant explicit
handler_use(+1) at the buf-parent assignment site is
removed) and releases it on every error path.
V10 [Medium] max_fields_count * sizeof(field) + 2 overflow on response
(src/nxt_unit.c:2049-2051, 2128-2130). Application-supplied
counts/sizes were multiplied without overflow checking;
wrap-around produced an undersized buffer that subsequent
field memcpy()s overran. New file-static helper
nxt_unit_response_buf_size() computes the size with
UINT32_MAX-bounded checks at both multiplication and
addition; nxt_unit_response_init/realloc reject overflow
with a libunit error.
V10 [Low] sptr offset dereferenced without bounds (line 1329 etc.).
Every nxt_unit_request_t sptr is now validated at
request-arrival time inside nxt_unit_process_req_headers()
before any consumer dereferences it. New file-static
helper nxt_unit_sptr_in_buf(sptr, length, buf, size)
performs the underflow-safe check; one-shot validation
keeps the per-deref hot paths and the libunit ABI
unchanged.
Cross-cutting: file-static helpers nxt_port_mmap_chunk_range_valid()
in src/nxt_port_memory.c and nxt_unit_sptr_in_buf() /
nxt_unit_response_buf_size() in src/nxt_unit.c. None exported
through public headers; nxt_unit_sptr.h, nxt_unit_request.h,
nxt_unit_field.h, and nxt_unit.h struct layouts are unchanged.
Builds clean with ./configure --openssl && make under -Werror.
nxt_unit.c also compile-checked standalone with the stock CFLAGS.
pytest-3 --collect-only test/ collects 898 tests; root-required
runs were not exercised in the worktree.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed changes
Describe the use case and detail of the change. If this PR addresses
a GitHub issue, include a link to it.
Checklist