core/go-mlx
8
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions 1

[audit] Security, AX compliance, missing tests, error handling #5

New issue
Open
opened 2026-03-22 16:41:02 +00:00 by Virgil · 5 comments
Virgil commented 2026-03-22 16:41:02 +00:00
Member
Copy link

Full audit:

  1. Security: path traversal, injection, panics on untrusted input, race conditions
  2. AX compliance: os.Getenv → core.Env, filepath.* → core.Path*, fmt.Sprintf → core.Sprintf, strings.* → core.*, errors.New/fmt.Errorf → core.E
  3. Missing tests: exported functions without test coverage
  4. Error handling: silently dropped errors, bare panics, missing nil checks
  5. UK English: American spellings in comments/docs
  6. Missing usage-example comments on exported identifiers
  7. Missing SPDX licence headers

Report all findings with severity and file:line. Do NOT fix.

Full audit: 1. Security: path traversal, injection, panics on untrusted input, race conditions 2. AX compliance: os.Getenv → core.Env, filepath.* → core.Path*, fmt.Sprintf → core.Sprintf, strings.* → core.*, errors.New/fmt.Errorf → core.E 3. Missing tests: exported functions without test coverage 4. Error handling: silently dropped errors, bare panics, missing nil checks 5. UK English: American spellings in comments/docs 6. Missing usage-example comments on exported identifiers 7. Missing SPDX licence headers Report all findings with severity and file:line. Do NOT fix.
Virgil commented 2026-03-22 19:34:04 +00:00
Author
Member
Copy link

Codex Audit Findings

HIGH (1)

  1. Chat-template injection — raw Role/Content/prompt concatenated into control-token templates (generate.go:431/:445/:455, tokenizer.go:401)

MEDIUM (3)

  1. mlxlm attention inspection trusts subprocess metadata, panics on partial data (backend.go:483/:497)
  2. LoadSafetensors swallows load failures, no recoverable error path (io.go:22)
  3. Shared model state unsynchronised, compiledGELU lazily initialised without locking (generate.go:57, batch.go)
## Codex Audit Findings ### HIGH (1) 1. Chat-template injection — raw Role/Content/prompt concatenated into control-token templates (generate.go:431/:445/:455, tokenizer.go:401) ### MEDIUM (3) 2. mlxlm attention inspection trusts subprocess metadata, panics on partial data (backend.go:483/:497) 3. LoadSafetensors swallows load failures, no recoverable error path (io.go:22) 4. Shared model state unsynchronised, compiledGELU lazily initialised without locking (generate.go:57, batch.go)
Virgil commented 2026-03-23 07:48:59 +00:00
Author
Member
Copy link

Fix Applied

Commit 570b7fb: fix(api): address issue 5 findings

  • Chat-template injection sanitised in generate.go and tokenizer.go
  • mlxlm attention inspection no longer panics on partial data
  • LoadSafetensors errors properly surfaced
  • Shared model state synchronised, compiledGELU locked
  • 554 additions across 13 files with new tests (generate_test.go 121 lines, backend_test.go 36 lines)
## Fix Applied Commit 570b7fb: fix(api): address issue 5 findings - Chat-template injection sanitised in generate.go and tokenizer.go - mlxlm attention inspection no longer panics on partial data - LoadSafetensors errors properly surfaced - Shared model state synchronised, compiledGELU locked - 554 additions across 13 files with new tests (generate_test.go 121 lines, backend_test.go 36 lines)
Virgil commented 2026-03-23 09:06:23 +00:00
Author
Member
Copy link

Verification: FAIL

HIGH: CGo lifetime bug in LoadSafetensors — runtime.KeepAlive(holder) placed before iteration starts, not after. GC can free C maps during iteration. Needs KeepAlive after iteration completes.

## Verification: FAIL HIGH: CGo lifetime bug in LoadSafetensors — runtime.KeepAlive(holder) placed before iteration starts, not after. GC can free C maps during iteration. Needs KeepAlive after iteration completes.
Virgil commented 2026-03-23 09:12:56 +00:00
Author
Member
Copy link

Fix Round 2

Commit 76441c4: fix(metal): keep safetensors iterator alive

  • runtime.KeepAlive moved after iteration completes
  • 84-line GC pressure test added
    Dispatching verification.
## Fix Round 2 Commit 76441c4: fix(metal): keep safetensors iterator alive - runtime.KeepAlive moved after iteration completes - 84-line GC pressure test added Dispatching verification.
Virgil commented 2026-03-23 09:19:35 +00:00
Author
Member
Copy link

Verification: PASS

Round 2 — CGo lifetime fix verified. Chat-template escaping, safetensors iterator GC pressure, mlxlm inspect tests all pass. No blocking bugs or security regressions.

## Verification: PASS Round 2 — CGo lifetime fix verified. Chat-template escaping, safetensors iterator GC pressure, mlxlm inspect tests all pass. No blocking bugs or security regressions.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
main
v0.8.0-alpha.1
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.3
v0.0.2
v0.0.1
Labels
Clear labels   
needs-review
  
athena
Assign to Athena AI agent (M3 Ultra)

  
athena-gemini
Dispatch to Gemini CLI on M3 Ultra

  
audit
Code audit task

  
clotho
Assign to Clotho AI agent for processing

  
clotho-gemini
Dispatch to Gemini CLI on darbs (AU)

  
codex
Dispatch to Codex CLI on gateway for analysis

  
darbs-claude
Dispatch to Claude on darbs (AU)

  
security
Security review task

  
wiki
Documentation/wiki update

No labels
needs-review
athena
athena-gemini
audit
clotho
clotho-gemini
codex
darbs-claude
security
wiki
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

-

Dependencies

No dependencies set.

Reference
core/go-mlx#5
No description provided.