You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Backlog of LOW-severity and NIT findings from the deep audit done while fixing #140 (persona-injection channel + over-eager IntentGate). The two #140 root-cause bugs and all HIGH/MED findings are being fixed on branch fix/matrix-coder-140-invocation; this issue captures the remaining low-priority items for future consideration. File paths are under plugins/matrix_coder/.
State hygiene (LOW)
PL-4 — _inject_persona clears persona then re-sets it in handle_implicit; a concurrent observer can see the transient cleared-then-not-yet-set window. Subsumed by the session-keyed bridge fix (PL-1) on the active branch; track residual. __init__.py, core/harness.py.
KB-3 — open_child_card / register_child_card / pop_child_card_ids are fully coded + tested but have zero production callers (Phase-3 stubs; relates to Matrix Coder Kanban audit: only one parent card per invocation — per-dispatch child cards not implemented #130). pop_child_card_ids() is never called, so a future register_child_card() without pop grows _active_child_ids unbounded until restart. core/kanban_audit.py:94, core/hermes_bridge.py:109-127.
KB-4 — idempotency_key uses a fresh uuid4().hex per call, negating dedup on retry; retries produce duplicate audit cards. Derive from sha1(f"{session_id}:{role}:{goal[:60]}"). core/kanban_audit.py:81.
CF-3 — enabled flag in load_config() hardcoded True; no Hermes config.yaml overlay path exists, so operators can't disable Matrix Coder without editing source. Stopgap: os.environ.get("MATRIX_CODER_ENABLED","1"). core/config.py:22-41.
SW-3 — has_coding_intent swallows exceptions and returns False at DEBUG only; if a regex ever raises, implicit routing silently misclassifies every message. (Partially addressed by the SW-1 log-tiering on the active branch — confirm coverage.) core/intent_gate.py.
Dead / placeholder code (LOW)
DC-1 — _normalize_output is a registered transform_llm_output no-op (returns None in both branches); pays hook overhead on every LLM output for zero effect. Unregister until needed, or collapse to a one-liner. __init__.py:110-125, registered at :288.
DC-2 — run_passthrough has zero production callers (only test_walking_skeleton.py); /matrix returns help text directly. Also carries the PL-3 stale-card bug. core/harness.py:140-168.
DC-3 — claim_files / release_files / would_conflict implemented but never called; single-writer guardrail is advisory only (README is accurate). Annotate as phase-N stubs. core/hermes_bridge.py:131-156.
TC-5 — no test for the implicit_routing_enabled=False guard (prospective, once the config flag lands).
TC-6 — _log_injection degraded path (role=unknown, lens=none) has no test. __init__.py:79-89.
Quick wins / perf (NIT)
QW-1 — import re inside _log_injection on every call; move to module level. __init__.py:83.
QW-2 — session_id cast str(kwargs.get("session_id") or "") produces "" where None is the correct sentinel; pass Optional[str] through. __init__.py:110.
QW-3 — _term_pattern() relies on re LRU cache for 40+ _CODING_TERMS every hook turn; pre-compile patterns at module load. core/intent_gate.py:237-239.
QW-4 — kanban_audit.open_card / open_child_card open+close a DB connection per call; a context-managed pool would pay off if the audit layer ever becomes higher-frequency. core/kanban_audit.py.
Open questions (low-confidence, surfaced not blocking)
Is post_llm_call actually gated on final_response and not interrupted in the Hermes core? (__init__.py:84-86 docstring claim — unverified.)
Does kanban_db.complete_task raise or silently succeed on an already-closed card? Affects the double-close (PL-2) reasoning.
Source: 3-agent read-only audit (architect / security-reviewer / code-reviewer) during the #140 fix.
Backlog of LOW-severity and NIT findings from the deep audit done while fixing #140 (persona-injection channel + over-eager IntentGate). The two #140 root-cause bugs and all HIGH/MED findings are being fixed on branch
fix/matrix-coder-140-invocation; this issue captures the remaining low-priority items for future consideration. File paths are underplugins/matrix_coder/.State hygiene (LOW)
_inject_personaclears persona then re-sets it inhandle_implicit; a concurrent observer can see the transient cleared-then-not-yet-set window. Subsumed by the session-keyed bridge fix (PL-1) on the active branch; track residual.__init__.py,core/harness.py.open_child_card/register_child_card/pop_child_card_idsare fully coded + tested but have zero production callers (Phase-3 stubs; relates to Matrix Coder Kanban audit: only one parent card per invocation — per-dispatch child cards not implemented #130).pop_child_card_ids()is never called, so a futureregister_child_card()without pop grows_active_child_idsunbounded until restart.core/kanban_audit.py:94,core/hermes_bridge.py:109-127.idempotency_keyuses a freshuuid4().hexper call, negating dedup on retry; retries produce duplicate audit cards. Derive fromsha1(f"{session_id}:{role}:{goal[:60]}").core/kanban_audit.py:81.enabledflag inload_config()hardcodedTrue; no Hermesconfig.yamloverlay path exists, so operators can't disable Matrix Coder without editing source. Stopgap:os.environ.get("MATRIX_CODER_ENABLED","1").core/config.py:22-41.has_coding_intentswallows exceptions and returnsFalseat DEBUG only; if a regex ever raises, implicit routing silently misclassifies every message. (Partially addressed by the SW-1 log-tiering on the active branch — confirm coverage.)core/intent_gate.py.Dead / placeholder code (LOW)
_normalize_outputis a registeredtransform_llm_outputno-op (returnsNonein both branches); pays hook overhead on every LLM output for zero effect. Unregister until needed, or collapse to a one-liner.__init__.py:110-125, registered at:288.run_passthroughhas zero production callers (onlytest_walking_skeleton.py);/matrixreturns help text directly. Also carries the PL-3 stale-card bug.core/harness.py:140-168.claim_files/release_files/would_conflictimplemented but never called; single-writer guardrail is advisory only (README is accurate). Annotate as phase-N stubs.core/hermes_bridge.py:131-156.Test gaps (LOW)
run_passthroughPL-3 bug (stale_active_card_idleak) is untested.tests/test_walking_skeleton.py.implicit_routing_enabled=Falseguard (prospective, once the config flag lands)._log_injectiondegraded path (role=unknown, lens=none) has no test.__init__.py:79-89.Quick wins / perf (NIT)
import reinside_log_injectionon every call; move to module level.__init__.py:83.session_idcaststr(kwargs.get("session_id") or "")produces""whereNoneis the correct sentinel; passOptional[str]through.__init__.py:110._term_pattern()relies onreLRU cache for 40+_CODING_TERMSevery hook turn; pre-compile patterns at module load.core/intent_gate.py:237-239.kanban_audit.open_card/open_child_cardopen+close a DB connection per call; a context-managed pool would pay off if the audit layer ever becomes higher-frequency.core/kanban_audit.py.Open questions (low-confidence, surfaced not blocking)
post_llm_callactually gated onfinal_response and not interruptedin the Hermes core? (__init__.py:84-86docstring claim — unverified.)kanban_db.complete_taskraise or silently succeed on an already-closed card? Affects the double-close (PL-2) reasoning.Source: 3-agent read-only audit (architect / security-reviewer / code-reviewer) during the #140 fix.