Skip to content

Full repository audit for P2+ bugs and security risks #7

Description

@beautifulrem

Scope

Audit the whole repository for P2 or higher bugs, security issues, reliability risks, and missing validation. This is a repository-level audit, not a review of only recent diffs.

Focus areas

  • Architecture and module boundaries
  • API input validation and type coercion
  • Resource amplification, fan-out, memory, latency, and denial-of-service risks
  • Model/artifact loading and fallback behavior
  • External downloads, archive extraction, and data poisoning risks
  • Path handling, file writes, generated artifacts, and unsafe defaults
  • Secrets, credentials, dependency risks, and GitHub Actions exposure
  • Retrieval/NLU correctness risks that can silently produce wrong financial evidence
  • Test gaps around confirmed high-impact behavior

Reporting requirements

Only report P2 or higher issues. For each finding, include:

  • Severity
  • Affected file and line
  • Root cause
  • Impact
  • Reproduction or concrete evidence when possible
  • A focused fix
  • Relevant tests to add or update

Ignore style-only, formatting-only, or low-severity findings. Do not make broad refactors unless they are necessary to fix a confirmed P2+ issue. If you open a PR, keep the patch focused and run the most relevant test suite before handing it back.

Metadata

Metadata

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions