بنقرة واحدة
audit-serialization
Audit serialization proxy correctness and round-trip safety
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Audit serialization proxy correctness and round-trip safety
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Audit the adaptive window hill-climber and region-resize logic for implementation defects (not algorithm quality)
JSR-107 (JCache) spec-conformance audit
Audit explicit state machines (drain status, node lifecycle, async-value lifecycle) for illegal or missed transitions
Heavyweight history-mining bug audit. Walks the caffeine module's git history chronologically (oldest to HEAD), maintains a forward-tracked issue database, and surfaces concerns introduced by past commits that were never resolved. Catches bugs that snapshot mining cannot — half-fixes invisible from current state, latent+trigger pairs across multi-commit interactions, and partial refactors. Slow (model/effort-dependent; ~24h on Opus + max effort) and rare-run (every several months or before a major release).
Differential audit comparing matched code paths that should behave identically. Spawns one auditor per sibling pair (sync/async, bounded/unbounded, view consistency, bulk vs single, generated node variants, read fast vs slow, adapter conformance) and requires a concrete witness scenario where the two paths diverge observably.
Find places where documented API contracts and the implementation diverge
| name | audit-serialization |
| description | Audit serialization proxy correctness and round-trip safety |
| context | fork |
| agent | auditor |
| disable-model-invocation | true |
Audit the serialization/deserialization behavior of the cache.
Proxy completeness: Does the proxy capture ALL configuration? Check: max size/weight, expiration, key/value strength, weigher, loader, removal/eviction listener, ticker, scheduler, executor, initial capacity.
State transfer: Are entries serialized or only configuration? If entries: are expired entries filtered? async values handled? weak/soft refs dereferenced? If not: is this documented?
Deserialized consistency: Correct initial state for frequency sketch, timer wheel, drain status, deques, weight counters? Correct node types?
Cross-version compatibility: serialVersionUID present? Can older proxies deserialize in newer versions? Default values correct for missing fields?
Security: Can crafted serialized form create inconsistent state? Are inputs validated? Is the proxy pattern correctly implemented?
Edge cases:
For each defect: state the field/behavior affected, before/after across round-trip, severity (data loss, incorrect behavior, security risk).