PINK: E2E trace analysis — Pass 5 edge domains (H1-H22)
Fifth pass covering dependency management (no Python lockfile, Rust compiled from source), error handling observability (zero logging, 16+ silent swallows), type safety (17 enum-from-string crash sites, _legacy_intent always MARKET), and protocol contracts (MirroredControlPlane missing methods, RealZinc read atomicity, __del__ use-after-free). 22 new flaws. Combined catalog now 138. Co-authored-by: CommandCodeBot <noreply@commandcode.ai>
This commit is contained in:
Codex
@@ -19,7 +19,8 @@
|
||||
| E | E2E Trace (Pass 1) | 26 | 0 | 4 | 10 | 11 | 1 |
|
||||
| F | Deep E2E (Pass 3) | 30 | 0 | 1 | 8 | 17 | 4 |
|
||||
| G | Domain Scans (Pass 4) | 36 | 4 | 11 | 11 | 8 | 2 |
|
||||
| **Total** | | **116** | **5** | **21** | **32** | **40** | **18** |
|
||||
| H | Edge Domains (Pass 5) | 22 | 3 | 9 | 5 | 4 | 1 |
|
||||
| **Total** | | **138** | **8** | **30** | **37** | **44** | **19** |
|
||||
|
||||
---
|
||||
|
||||
@@ -160,6 +161,37 @@
|
||||
|
||||
---
|
||||
|
||||
## H-Series: Edge Domains — Dependencies, Error Handling, Types, Contracts (Pass 5)
|
||||
|
||||
*Full detail in TRACE doc under "PASS 5 — EDGE DOMAINS."*
|
||||
|
||||
| # | Flaw | Layer | Severity |
|
||||
|---|------|-------|----------|
|
||||
| H1 | No Python dependency files (requirements.txt, pyproject.toml, etc.) | Build | **Critical** |
|
||||
| H2 | Rust kernel compiled from source on every cold start — no prebuilt binary | Build | **Critical** |
|
||||
| H3 | Zero logging — 16+ silent except:pass sites, no error observability | All | **Critical** |
|
||||
| H4 | `_row_float` rejects zero as valid, `except Exception: continue` swallows all | Venue | **High** |
|
||||
| H5 | `_backend_snapshot` timeout returns stale data/None — callers crash | Venue | **High** |
|
||||
| H6 | All enum-from-raw-string sites crash on unknown variant (17 sites) | Bridge | **High** |
|
||||
| H7 | `_legacy_intent` reads `getattr(intent, "order_type")` not metadata — always MARKET | Venue | **High** |
|
||||
| H8 | Unknown venue status silently mapped to ACKED | Venue | **High** |
|
||||
| H9 | `RealZincPlane.write_slot()` `slot_id >= slot_count` silently lost | Zinc | **High** |
|
||||
| H10 | `RealZincControlPlane.read()` no atomicity with concurrent `update()` | Control | **High** |
|
||||
| H11 | `_RustKernelLib` lazy init with race condition — concurrent cargo build | Bridge | **High** |
|
||||
| H12 | `ExecutionKernel.__del__` use-after-free on Rust handle | Bridge | **High** |
|
||||
| H13 | `MirroredControlPlane` missing protocol methods (wait/notify) | Control | Medium |
|
||||
| H14 | `TradeSlot.remaining_size` vs `VenueOrder.remaining_size` — different semantics | Contracts | Medium |
|
||||
| H15 | `_maybe_close` asyncio.run RuntimeError silently swallowed | Launcher | Medium |
|
||||
| H16 | Lazy import of bingx_direct masks config errors until first trade | Build | Info |
|
||||
| H17 | `load_dotenv()` at module level — import-time I/O side effect | Launcher | Medium |
|
||||
| H18 | `_run()` blocks event loop on every HTTP call via thread pool | Venue | Medium |
|
||||
| H19 | `HazelcastClientLike` protocol has zero concrete implementations | Projection | Low |
|
||||
| H20 | `_decode_packet` uncaught UnicodeDecodeError/ValueError on corrupted SHM | Zinc | Low |
|
||||
| H21 | `wasm-bindgen` compiled into native library unnecessarily | Build | Low |
|
||||
| H22 | `socket.getaddrinfo` monkey-patch in test code | Test | Low |
|
||||
|
||||
---
|
||||
|
||||
## A-Series: Architectural Flaws (detailed writeups)
|
||||
|
||||
*These are the original architectural flaws with full analysis.*
|
||||
|
||||
Reference in New Issue
Block a user