Summary
Audit of src/agent/react.js identified 4 issues including an unused _lastError variable in both callReactAgent and callReactAgentStreaming, inconsistent indentation, silent role mapping in message rebuild, and a fallback role that could mask unexpected message types.
Environment
- OS: Linux 7.0.2-7-pve
- Node.js: v25.8.1
- madz version: 1.12.0
- LLM provider: Unknown — user to confirm
Reproduction
- Run
audit-code on ./src/agent directory
- Review audit output for
react.js
- Observe 4 issues reported
Expected Behavior
Clean codebase with no dead code, consistent formatting, and proper error tracking.
Actual Behavior
4 issues found:
- 1 medium: unused
_lastError variable in both callReactAgent and callReactAgentStreaming
- 3 low: inconsistent indentation, silent role mapping in message rebuild, fallback role masking
Additional Context
The file contains 529 lines and is the core agent implementation. The unused _lastError variables suggest incomplete error tracking or leftover from refactoring. The other issues are minor code quality concerns.
Audit Table
| File |
Line |
Type |
Severity |
Summary |
| react.js |
131, 301 |
Bug |
Medium |
Unused _lastError variable in both callReactAgent and callReactAgentStreaming — never read or logged |
| react.js |
143-151 |
Style |
Low |
Inconsistent indentation in cache logic block after extractContent |
| react.js |
190-197, 494-501 |
Bug |
Low |
Silent role mapping in message rebuild — tool messages from compactConversation would be silently mapped to AIMessage |
| react.js |
24 |
Security |
Low |
getMessageRole falls back to system for unknown message types — could mask unexpected message types |
Summary: 4 issues found (0 critical, 0 high, 1 medium, 3 low). 1 file audited.
Summary
Audit of
src/agent/react.jsidentified 4 issues including an unused_lastErrorvariable in bothcallReactAgentandcallReactAgentStreaming, inconsistent indentation, silent role mapping in message rebuild, and a fallback role that could mask unexpected message types.Environment
Reproduction
audit-codeon./src/agentdirectoryreact.jsExpected Behavior
Clean codebase with no dead code, consistent formatting, and proper error tracking.
Actual Behavior
4 issues found:
_lastErrorvariable in bothcallReactAgentandcallReactAgentStreamingAdditional Context
The file contains 529 lines and is the core agent implementation. The unused
_lastErrorvariables suggest incomplete error tracking or leftover from refactoring. The other issues are minor code quality concerns.Audit Table
_lastErrorvariable in bothcallReactAgentandcallReactAgentStreaming— never read or loggedextractContentcompactConversationwould be silently mapped toAIMessagegetMessageRolefalls back tosystemfor unknown message types — could mask unexpected message typesSummary: 4 issues found (0 critical, 0 high, 1 medium, 3 low). 1 file audited.