// Perform a structured code review of staged or recently changed Warpine source files, covering correctness, security, test coverage, clean-room compliance, and documentation hygiene.
Audit and update all project documentation to stay in sync with the current development status.
Stage, commit, and push changes to the remote repository with a well-formed commit message.
Manage the full software release process, including version bumps, changelogs, Git tags, and GitHub releases.
Perform project-wide security audits focused on KVM hypervisor escape, guest memory safety, and dependency vulnerabilities.
| name | code-review |
| description | Perform a structured code review of staged or recently changed Warpine source files, covering correctness, security, test coverage, clean-room compliance, and documentation hygiene. |
When performing a code review, follow these steps in order:
Determine which files to review:
git diff HEAD (unstaged + staged changes) or git diff main...HEAD (branch vs main) to enumerate changed files.target/, $OUT_DIR, font_unifont*.bin) and vendored third-party code.cargo test 2>&1 # All unit + integration tests must pass
cargo clippy -- -D warnings 2>&1 # Zero warnings required
Report any failures immediately. Do not proceed to manual review until both are clean.
For each changed source file, check:
doc/ documentation. Check that error codes match the OS/2 spec (e.g., ERROR_INVALID_HANDLE = 6, not a Linux errno).APIRET (u32) in RAX. Confirm the correct value is placed in regs.rax on success and on each error path.targets/os2api.def and src/loader/api_registry.rs. Run cargo run --bin gen_api -- check and confirm it reports clean.guest_mem helpers must use the bounds-checked API; no raw pointer arithmetic from guest-supplied values.read_guest_string (which calls cp_decode with the active codepage). Direct from_utf8_lossy on raw guest bytes is wrong.Warpine's threat model is hypervisor escape from a malicious OS/2 guest. Check every changed unsafe block and every API handler:
guest_mem.Vec::with_capacity(guest_len) from an untrusted length is a DoS / OOM vector.../ traversal outside the mapped drive root, no absolute host paths derived from guest input.unwrap() on a KVM result is a crash vector.MAGIC_API_BASE INT 3 breakpoints must only be honoured when the guest is in ring 3 (CPL=3). Check that vcpu.rs verifies CPL before dispatching.Flag any finding with a [SECURITY] prefix and its severity (Critical / High / Medium / Low).
samples/.test_dos_alloc_mem_exceeds_limit, not test1).unwrap() on results that could legitimately fail — use expect() with a message or proper assertions.file vendor/**/* samples/**/* 2>/dev/null | grep -vE 'text|directory|makefile|script|source|ELF|PE32|data' and flag anything unexpected.constants.rs for existing definitions before adding new ones.unsafe blocks must have a // SAFETY: comment explaining the invariant being upheld.[STUB] message and return a reasonable error code.println! in production paths — use the structured logging/trace macros already in the codebase.doscalls.rs, pm_win.rs, etc.), not in mod.rs or vcpu.rs.Look for structural problems that are not bugs today but become bugs or maintenance burdens tomorrow. Flag each with a [SMELL] prefix.
Dead and redundant code
use imports that are never referenced — prefer outright deletion over #[allow(dead_code)].#[allow(...)] suppressions that paper over a real problem; prefer fixing the root cause.Complexity and readability
do_thing(true)) — prefer an enum or two named functions.is_not_valid where is_invalid would be clearer).Error handling
unwrap() / expect() on values that originate from guest input or external I/O — must use ? or explicit error handling.let _ = ... or an empty Err(_) => {} arm when the failure is meaningful.APIRET) with Rust Result without a clear conversion boundary.Warpine-specific smells
SharedState sub-locks in the documented order (memory → handles → dll → window → socket) to prevent deadlock; flag any deviation.struct field beyond the duration of a single API call — a stored raw guest address is stale after any guest reallocation.Arc::clone on a manager inside a hot VMEXIT path without a clear need — prefer passing a borrow.regs.rax written more than once in a single handler — only the last write counts; earlier ones are dead.Abstraction and coupling
mod.rs / vcpu.rs growing new business logic — it belongs in a domain module.super::super:: path — signals missing abstraction boundary.SharedState fields added without a corresponding Arc<Mutex<...>> wrapper when the field is accessed from multiple threads.CLAUDE.md — Update the API entry point count and any architecture notes that changed.doc/TODOs.md — Remove completed items; add any newly discovered gaps.CHANGELOG.md — Confirm there is an entry for the change under [Unreleased].doc/developer_guide.md — Update test counts if new tests were added.Present findings as a structured list grouped by category. For each finding include:
[SECURITY: Critical/High/Medium/Low]Conclude with a summary table:
| Category | Issues Found |
|---|---|
| Correctness | N |
| Security | N |
| Test coverage | N |
| Clean-room | N |
| Style | N |
| Code smells | N |
| Documentation | N |
If no issues are found in a category, write ✓ Clean.
Do not make any edits during the review pass. Present the full report first and wait for the user to confirm which findings to act on.