PINK: E2E trace analysis — Pass 21 rust build/deps/python packaging/shared mem (X1-X14)

Twenty-first pass: no ABI compatibility check on Rust .so load stale binary
corrupts silently (X1 Critical), real_zinc_plane _write_region zeroes entire
buffer before write visible all-zero window (X2 Critical), no requirements.txt
setup.py pyproject.toml zero Python dependency declarations (X3 Critical),
RealZincControlPlane.update() no thread lock concurrent calls corrupt seq and
shared memory (X4 High), libc declared in Cargo.toml never used dead dependency
(X5 High), 5 test files hardcoded sys.path.insert non-portable (X6 High),
_decode_packet no try/except on json.loads partial body read crashes reader (X7
High), ExchangeEvent not exported from __init__.py package API inconsistency (X8
High), RealZincPlane and RealZincControlPlane collide on {prefix}_control region
name (X10 Medium). 375 total flaws across 21 passes.

Co-authored-by: CommandCodeBot <noreply@commandcode.ai>

PINK_DITAv2_FLAW_ANALYSIS_2026-05-31.md

@@ -1,7 +1,7 @@
 # PINK DITAv2 — Structural Flaw Analysis (CENTRAL)
 
 **Analysis date:** 2026-05-31
-**Last updated:** 2026-06-02 (flaw fix pass 2 — 5 more flaws closed; 13 total)
+**Last updated:** 2026-06-02 (flaw fix pass 4 — W10 closed; 17 total fixed)
 **Scope:** Full PINK pipeline — all flaws across all modules.
 
 > **Fix notation:** Rows marked **✅ FIXED `<sha>`** are verified-fixed with a test commit on branch `exp/pink-ditav2-sprint0-20260530`.
@@ -54,7 +54,8 @@
 | U | Pass 18 (Rust Test Gaps/Accounting/FFI Types) | 14 | 3 | 4 | 4 | 3 | 0 |
 | V | Pass 19 (Lifecycle/Rust Subtleties/Test Infra) | 14 | 5 | 2 | 4 | 3 | 0 |
 | W | Pass 20 (Config/Math Signs/BingX Protocol) | 14 | 4 | 7 | 3 | 0 | 0 |
-| **Total** | | **361** | **39** | **108** | **103** | **64** | **37** |
+| X | Pass 21 (Rust Build/Deps/Python Packaging/Shared Mem) | 14 | 3 | 5 | 6 | 0 | 0 |
+| **Total** | | **375** | **42** | **113** | **109** | **64** | **37** |
 
 ---
 
@@ -363,6 +364,14 @@
 | N9 | No `asyncio.all_tasks()` or task accounting — leaked tasks undetectable | All | Low |
 | N10 | `_snap_lock` no reader-side protection (informational) | Venue | Info |
 
+### Fixes applied (2026-06-02 pass 3)
+
+| Flaw | Commit | What changed |
+|------|--------|--------------|
+| V1 — `LauncherBundle.close()` missing `kernel.close()` | `8d9762c` | `self.kernel.close()` wired into bundle teardown; Rust handle deterministically destroyed |
+| V2 — `BingxVenueAdapter` no `close()` | `8d9762c` | `close()` added; shuts down class-level `ThreadPoolExecutor` + delegates to `backend.close()` |
+| V3 — `seen_event_ids` not cleared on slot reuse | `8d9762c` | `slot.seen_event_ids.clear()` added to ENTER handler in Rust kernel; fill dedup no longer pollutes across trades |
+
 ---
 
 ## O-Series: Sync/Async Wider Scope (Launcher, Generators, Streams, FFI, Tests) (Pass 12)
@@ -524,9 +533,9 @@
 
 | # | Flaw | Layer | Severity |
 |---|------|-------|----------|
-| V1 | `DITAv2LauncherBundle.close()` never calls `kernel.close()` — Rust handle leaks via `__del__` | Launcher | **Critical** |
-| V2 | `BingxVenueAdapter` no `close()`/`disconnect()` — ThreadPoolExecutor/HTTP never release | Venue | **Critical** |
-| V3 | `process_intent` ENTER doesn't clear `seen_event_ids` — old dedup pollutes new trade | Rust | **High** |
+| V1 | `DITAv2LauncherBundle.close()` never calls `kernel.close()` — Rust handle leaks via `__del__` — **✅ FIXED `8d9762c`** | Launcher | **Critical** |
+| V2 | `BingxVenueAdapter` no `close()`/`disconnect()` — ThreadPoolExecutor/HTTP never release — **✅ FIXED `8d9762c`** | Venue | **Critical** |
+| V3 | `process_intent` ENTER doesn't clear `seen_event_ids` — old dedup pollutes new trade — **✅ FIXED `8d9762c`** | Rust | **High** |
 | V4 | 3 generators write same output file — last writer wins, incompatible prologues | Test | **Critical** |
 | V5 | Generated tests triple env-gated — never run in CI, dead code | Test | **Critical** |
 | V6 | `kernel.close()` destroys Rust handle immediately — no drain, no flush, UAF risk | Bridge | **Critical** |
@@ -564,6 +573,29 @@
 
 ---
 
+## X-Series: Rust Build/Deps, Python Packaging, Shared Memory Protocol (Pass 21)
+
+*Full detail in TRACE doc under "PASS 21 — RUST BUILD/DEPS, PYTHON PACKAGING, SHARED MEMORY PROTOCOL."*
+
+| # | Flaw | Layer | Severity |
+|---|------|-------|----------|
+| X1 | No ABI compatibility check on Rust `.so` load — stale binary corrupts silently | Bridge | **Critical** |
+| X2 | `real_zinc_plane._write_region()` zeroes entire buffer before write — visible all-zero window | Plane | **Critical** |
+| X3 | No `requirements.txt`/`setup.py`/`pyproject.toml` — zero Python dependency declarations | Build | **Critical** |
+| X4 | `RealZincControlPlane.update()` no thread lock — concurrent calls corrupt seq and shared memory | Plane | **High** |
+| X5 | `libc` declared in `Cargo.toml` but never used — dead dependency | Rust | **High** |
+| X6 | 5 test files use hardcoded `sys.path.insert(0, "/mnt/dolphinng5_predict")` — non-portable | Test | **High** |
+| X7 | `_decode_packet()` no try/except on `json.loads` — partial body read crashes reader | Plane | **High** |
+| X8 | `ExchangeEvent`/`ExchangeEventKind` not exported from `__init__.py` | Bridge | **High** |
+| X9 | No MSRV or `rust-toolchain.toml` — builds differ per Rust version | Rust | Medium |
+| X10 | RealZincPlane and RealZincControlPlane collide on `{prefix}_control` region name | Plane | Medium |
+| X11 | Sequence number decoded but never read by any consumer — dead data on wire | Plane | Medium |
+| X12 | `_maybe_close()` `fut.result(timeout=10.0)` — TimeoutError strands coroutine | Launcher | Medium |
+| X13 | `__init__.py` flat re-exports 45 names — naming collision risk | Bridge | Medium |
+| X14 | `close()` not idempotent on RealZincPlane/RealZincControlPlane | Plane | Medium |
+
+---
+
 ## H-Series: Edge Domains — Dependencies, Error Handling, Types, Contracts (Pass 5)
 
 *Full detail in TRACE doc under "PASS 5 — EDGE DOMAINS."*