Post-v1.3.0 backlog: deferred deep-audit findings and baseline test failures

[ndycode]

Summary

This issue tracks the remaining deferred work after the v1.3.0 post-audit hardening cycle landed on main via the reviewed rollup PR #432 and follow-up PR #420.

The post-audit cycle fixed and merged PRs #414–#432 (plus #420), published codex-multi-auth@1.3.0, and cleared the high-confidence fix backlog that was safe to land in the release train.

What remains is the work that was intentionally deferred because it was either:

• medium/low severity from the deep audit,
• a policy decision rather than a bugfix,
• a larger refactor not suitable for a hot release,
• or a baseline environment issue that already existed on main.

Deferred categories

1. Remaining deep-audit MEDIUM / LOW findings

The deep audit produced:

• 58 MEDIUM findings
• 61 LOW findings
• 9 INFO observations

These were not fixed in the v1.3.0 cycle. The raw reports remain at:

• .sisyphus/notepads/deep-audit/reports/*.json
• .sisyphus/notepads/deep-audit/EXECUTIVE-SUMMARY.md
• .sisyphus/notepads/deep-audit/VALIDATION-LOG.md

Representative examples:

• docs/test coverage gaps that are real but not merge-blocking
• minor logging / wording mismatches
• cleanup-only dead code comments
• lower-confidence durability hardening follow-ups

2. Baseline environment failures already present on main

The rollup verification showed these tests still fail in the current local environment and already failed on main before the rollup merge:

• test/codex-bin-wrapper.test.ts
• test/benchmark-runtime-path-script.test.ts

These are not regressions introduced by the post-audit fix set, but they still need resolution.

3. Policy-level routing mutex default flip

Deep audit finding HI-03 was validated as a policy choice rather than a simple bug:

• routingMutex is still "legacy" by default
• the deep audit recommended eventually flipping the default to "enabled"
• that is a behavior / rollout decision, not a simple bugfix

This should be handled as a dedicated design/rollout PR (or RFC) rather than as a stealth change inside a bugfix patch.

4. Shutdown-contract redesign

Issue #430 already tracks the larger shutdown semantics refactor that was intentionally not forced into the release cycle:

• cleanup ordering semantics
• signal / beforeExit contract
• idempotence across more than the minimal fix that shipped in fix(shutdown): make runCleanup idempotent under concurrent calls (LIB-HIGH-003) #431

This issue should stay as the parent for that deeper work.

Suggested next-step checklist

• Triage the remaining MEDIUM findings into: real bug / cleanup / test gap / docs-only
• Reproduce and fix the baseline failures in codex-bin-wrapper.test.ts
• Reproduce and fix the baseline failures in benchmark-runtime-path-script.test.ts
• Decide whether to flip routingMutex default in a future minor release
• Fold low-risk cleanup-only comments into a v1.3.1 or v1.4.0 maintenance PR
• Keep Refactor shutdown semantics: ordering, idempotence, and signal contract (LIB-HIGH-003) #430 as the dedicated shutdown-contract tracking issue

Context / references

• Release branch summary: .sisyphus/notepads/deep-audit/LANDED-SUMMARY.md
• Deep audit summary: .sisyphus/notepads/deep-audit/EXECUTIVE-SUMMARY.md
• Validation log: .sisyphus/notepads/deep-audit/VALIDATION-LOG.md
• Shutdown redesign issue: Refactor shutdown semantics: ordering, idempotence, and signal contract (LIB-HIGH-003) #430

Why this issue exists

The main post-audit work is done and merged. This issue is the intentional backlog bucket so the remaining non-urgent / non-release-critical work is not lost after the release pressure is gone.