Skip to content

refactor: whole-project /code audit round 2 (fixes + comment tightening)#71

Merged
CMGS merged 1 commit into
masterfrom
chore/code-audit-r2
Jul 2, 2026
Merged

refactor: whole-project /code audit round 2 (fixes + comment tightening)#71
CMGS merged 1 commit into
masterfrom
chore/code-audit-r2

Conversation

@CMGS

@CMGS CMGS commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

What

Round-2 whole-project /code audit: all 236 Go source files reviewed line-by-line against the house rulebook, findings adversarially verified before fixing, then a project-wide comment-density pass. Net +212 / −338 across 75 files.

Correctness-adjacent fixes

  • utils.ResolveRef prefix path could resolve a null index entry and panic downstream (the exact-ID and name paths already nil-checked; the prefix path didn't). Skip nil entries — a corrupt/hand-edited vms.json now yields ErrNotFound instead of a crash.
  • types.VM Resolved* methods dereferenced NetworkConfigs[0] unguarded → added a nil-safe firstNIC() accessor shared by all three.
  • snapshot export --to-dir help text was mangled by pflag's backquote handling (rendered the flag's value-type as vm clone --from-dir). Single-quoted.
  • CNI conflist load errors were silently dropped; now stashed and surfaced through errNoConflist at the point of failure (a bad .conflist no longer masquerades as "no conflist found").
  • cmd/vm watch loop / cloneFromDir pointer copies guarded; firecracker console-relay failure now logs the actual error.

Consistency / modernisms

  • Hand-rolled loops → slices.ContainsFunc/DeleteFunc/Clone/Concat, maps.Copy, utils.MapValues reuse.
  • qcow2 / gzip magic bytes deduped into utils/magic.go (was 3 copies).
  • Dead network.ErrNotFound sentinel removed; metering const/var block order; progress exported-above ordering; cmd.vm.* log-tag consistency; debug.go verb-less PrintfPrint/Println; BlobExt instead of a hardcoded ".qcow2".

Comments

131 tightened to 1–2 lines (dropping restatement / PR-narration, keeping constraint-bearing WHYs). Two stale comments corrected against actual behavior (MountSpec renders verbatim; sparse fallback triggers on empty files).

Verification

  • Findings adversarially verified (3 false positives dropped before any edit).
  • make lint — 0 issues on GOOS=linux and darwin; make test (race + cover) green.
  • No ecosystem consumer of the removed export (network.ErrNotFound) or changed signatures.
  • Real-hardware smoke (isolated root): full VM lifecycle — pull / create / start / vsock exec / 3-char-prefix inspect / vm list filter / debug output / ACPI stop / rm — all pass.

🤖 Generated with Claude Code

Line-by-line audit of all 236 Go files against the /code rulebook, findings
adversarially verified before fixing.

Correctness-adjacent:
- utils.ResolveRef prefix path could resolve a null index entry and panic
  downstream (exact/name paths already nil-checked); skip nil entries
- types.VM Resolved* methods deref NetworkConfigs[0] unguarded; add nil-safe
  firstNIC() accessor
- snapshot export --to-dir flag help was mangled by pflag backquote handling
- cmd/vm/status watch loop and cmd/vm run cloneFromDir copy pointers unguarded
- firecracker console-relay failure now logs the actual error
- CNI conflist load errors are no longer silently dropped: stashed and
  surfaced through errNoConflist at the point of failure

Consistency/modernisms:
- hand-rolled loops -> slices.ContainsFunc/DeleteFunc/Clone/Concat, maps.Copy,
  utils.MapValues reuse
- qcow2/gzip magic bytes deduped into utils/magic.go (3 copies -> 1)
- dead network.ErrNotFound sentinel removed; metering const/var block order;
  progress exported-above ordering; cmd.vm.* log tag consistency;
  debug.go verb-less Printf -> Print/Println; BlobExt instead of ".qcow2"

Comments: 131 tightened to 1-2 lines (net -138 lines project-wide), dropping
restatement/narration while keeping constraint-bearing WHYs; two stale
comments corrected against actual behavior (MountSpec renders verbatim,
sparse fallback triggers on empty files).
@CMGS CMGS merged commit 42cae70 into master Jul 2, 2026
4 checks passed
@CMGS CMGS deleted the chore/code-audit-r2 branch July 2, 2026 03:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant