docs: whole-codebase logic bug audit ahead of larger-scale deployment#115
Open
passcod wants to merge 9 commits into
Open
docs: whole-codebase logic bug audit ahead of larger-scale deployment#115passcod wants to merge 9 commits into
passcod wants to merge 9 commits into
Conversation
138 findings across all five crates and seventeen subsystem reviews, categorised by severity/impact and testability of the fix. Report only; no fixes applied. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01A6G4NQfLjX6J9fB5wNKjvo
Contributor
Code Coverage OverviewLanguages: TypeScript, Rust TypeScript / code-coverage/vitestThe overall coverage in the branch remains at 65%, unchanged from the branch. Show a code coverage summary of the most impacted files.
Rust / code-coverage/rustThe overall coverage remains at 55%, unchanged from the branch. Updated |
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01A6G4NQfLjX6J9fB5wNKjvo
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01A6G4NQfLjX6J9fB5wNKjvo
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01A6G4NQfLjX6J9fB5wNKjvo
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01A6G4NQfLjX6J9fB5wNKjvo
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01A6G4NQfLjX6J9fB5wNKjvo
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01A6G4NQfLjX6J9fB5wNKjvo
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01A6G4NQfLjX6J9fB5wNKjvo
Each cross-cutting theme in the main report now links to its companion analysis; fixes one heading anchor for section 10. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01A6G4NQfLjX6J9fB5wNKjvo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds
docs/logic-bug-audit-2026-07.md: a full logic-bug audit of every crate and subsystem (protocol,coredefs/OI/runtime/system,daemon,ctl,web), carried out ahead of larger-scale deployment. Report only — no fixes are applied in this PR.Contents
docs/logic-bug-audit-2026-07/, one per cross-cutting theme, each assessing if and how a high-level pattern or change would fix and prevent the class: the failure pattern, affected findings, a verdict, a concrete proposed design grounded in the real code, what it does and does not prevent, a migration path, and enforcement (tests, spec items, CI checks). Cross-linked from the main report's themes section.Headline items
/apps/updatestill swaps the partially-evaluated AppDef into the registry and then runs the destructive post-reload steps — holding (relocating) live volume data, wiping scaling decisions, and tearing down forwards — from a single script typo. Independently found by two reviewers and manually verified.rt.stopon scaled deployments, unenforced chained-barrier deadlines,rt.signaldedup), TLS serving/issuance, pod network prefix collisions, and event-stream clients that hang forever on server error responses.Theme verdicts (short form)
open_subscriptionhelper incrates/protocoleliminates the class; four call sites re-implement the same handshake today.Observed/Failedenum at the observer boundary; needs no persistence change.(app, kind, subject)key; converge-to-current-set for condition faults.take_*helper module plus a scoped CI grep; must land after the critical reload fix.RetryGate(extracted from the scheduler's existing tested back-off) for tick-driven retries, plus a loop discipline with transient/fatal classification for relays.INSERT OR REPLACEon rows with independently-owned columns) held together by aRestartWorldtest harness, the one element that would have caught all four findings.Method
Seventeen independent subsystem reviews, each reading its scope in full and cross-checking against callers,
docs/spec/, and existing tests; spec- or test-asserted behaviour was treated as intentional. Line numbers referencee14aa26(v0.4.5). Duplicated findings across reviewers were merged (corroboration noted inline).🤖 Generated with Claude Code
https://claude.ai/code/session_01A6G4NQfLjX6J9fB5wNKjvo