|
| 1 | +# ROADMAP |
| 2 | + |
| 3 | +## v0.3.0 — Bug Fixes from Cross-Audit (2026-05-19) |
| 4 | + |
| 5 | +30 bugs found by 6-agent parallel audit. Fixed in 4 parallel batches (all Haiku/Opus-4.6). |
| 6 | + |
| 7 | +--- |
| 8 | + |
| 9 | +### CRITICAL — 5/5 fixed ✅ |
| 10 | + |
| 11 | +- [x] **BUG-01** `server.go:161` — 4KB buffer → 10MB `bufio.NewReaderSize` |
| 12 | +- [x] **BUG-02** `server.go:200-221` — MCP `notifications/initialized` no-op; nil-ID notification detection |
| 13 | +- [x] **BUG-03** `main.go:109` — CLI whitespace panic: `len(args) == 0` guard |
| 14 | +- [x] **BUG-04** `main.go:104,243` — CLI EOF spin: `nextLine()` returns `(string, bool)` |
| 15 | +- [x] **BUG-05** `browser.go:496` — Fill element-not-found returns error via JS JSON response |
| 16 | + |
| 17 | +### HIGH — 7/7 fixed ✅ |
| 18 | + |
| 19 | +- [x] **BUG-06** `server.go:292-547` — 19 handlers: `json.Unmarshal` error checked |
| 20 | +- [x] **BUG-07** `browser.go:483,496` — JS injection: Go `%q` → `json.Marshal` (`jsonEscaped`) |
| 21 | +- [x] **BUG-08** `protocol.go:22` + `client.go:211` — Response.ID `int` → `*int`; nil check |
| 22 | +- [x] **BUG-09** `server.go:258,268,279,307,320` — `json.Marshal` errors logged/returned |
| 23 | +- [x] **BUG-10** `browser.go:112,142` — NavigateBack/Forward dual bounds check |
| 24 | +- [x] **BUG-11** `discovery.go:19-26` — PowerShell subprocess 15s timeout via `context.WithTimeout` |
| 25 | +- [x] **BUG-12** `client.go:216` — readLoop non-blocking `select { case ch <- resp: default: }` |
| 26 | + |
| 27 | +### MEDIUM — 5/8 fixed |
| 28 | + |
| 29 | +- [ ] **BUG-13** `browser.go:236` — Global CDP detach+attach optimization (deferred: perf, not crash) |
| 30 | +- [x] **BUG-14** `browser.go:341-348` — CUAType: attach once, executeCdp direct (no detach between chars) |
| 31 | +- [ ] **BUG-15** `browser.go:358-372` — CUAKeypress per-key attach cycles (deferred: perf) |
| 32 | +- [x] **BUG-16** `browser.go:342-343` — CUAType: keyDown+char+keyUp per character |
| 33 | +- [ ] **BUG-17** `browser.go:179-181` — WaitForLoad transient error retry (deferred: edge case) |
| 34 | +- [x] **BUG-18** `client.go:67` — Health check: 5s goroutine timeout wrapper |
| 35 | +- [ ] **BUG-19** `browser.go:255-257` — isDebuggerError match expansion (deferred: future extension) |
| 36 | +- [x] **BUG-20** `main.go:212-213` — CLI try command: `args[2:]` instead of byte offset |
| 37 | + |
| 38 | +### LOW — 8/10 fixed |
| 39 | + |
| 40 | +- [ ] **BUG-21** `client.go:238` — newUUID panic → error (deferred: Windows never fails) |
| 41 | +- [x] **BUG-22** `main.go:33` — BRIDGE_DEBUG_LOG open failure logs warning |
| 42 | +- [x] **BUG-23** `main.go` — os.Exit → return error; defer preserved |
| 43 | +- [x] **BUG-24** `discovery.go:43` — extractUUID conditional single-char strip |
| 44 | +- [x] **BUG-25** `client.go:174` — time.After → time.NewTimer + defer Stop() |
| 45 | +- [x] **BUG-26** `browser.go:269-288` — DOMSnapshot fallback prepends marker |
| 46 | +- [ ] **BUG-27** `browser.go:585` — ClaimUserTab auto-attach error (deferred: minor) |
| 47 | +- [x] **BUG-28** `browser.go:291,294` — Screenshots typo (was already fixed) |
| 48 | +- [x] **BUG-29** `browser.go:422-424` — DomCUAClick boxModel len(content) < 5 guard |
| 49 | +- [ ] **BUG-30** `client.go:180-193` — SendNotification test coverage (deferred: test batch) |
| 50 | + |
| 51 | +--- |
| 52 | + |
| 53 | +### Summary |
| 54 | + |
| 55 | +| Severity | Fixed | Total | % | |
| 56 | +|----------|-------|-------|---| |
| 57 | +| CRITICAL | 5 | 5 | 100% | |
| 58 | +| HIGH | 7 | 7 | 100% | |
| 59 | +| MEDIUM | 5 | 8 | 62% | |
| 60 | +| LOW | 8 | 10 | 80% | |
| 61 | +| **Total** | **25** | **30** | **83%** | |
| 62 | + |
| 63 | +5 deferred: BUG-13,15,17,19 (perf/edge-case MEDIUM) + BUG-21,27 (LOW, unlikely to trigger) + BUG-30 (test coverage). |
| 64 | + |
| 65 | +### Audit methodology |
| 66 | + |
| 67 | +6 subagents (2×Opus 4.7, 2×Sonnet 4.6, 2×Haiku/Opus-4.6-fast) scanned in parallel: |
| 68 | +- Opus #1: core client logic, concurrency, CDP protocol |
| 69 | +- Opus #2: MCP server, protocol framing, discovery |
| 70 | +- Sonnet #1: error handling, edge cases, resource leaks |
| 71 | +- Sonnet #2: test quality, coverage gaps |
| 72 | +- Haiku #1: surface bugs, typos, naming, logic errors |
| 73 | +- Haiku #2: main.go + discovery.go deep audit |
| 74 | + |
| 75 | +### Fix methodology |
| 76 | + |
| 77 | +4 parallel Haiku agents, each on dedicated branch, cherry-picked to main: |
| 78 | +- `fix/a-server` (7152269): server.go — 4 bugs |
| 79 | +- `fix/b-browser` (751280d): browser.go — 7 bugs |
| 80 | +- `fix/c-client` (6bb3269): client/discovery/protocol — 6 bugs |
| 81 | +- `fix/d-main` (ce64ab2): main.go — 5 bugs |
0 commit comments