Ground-up audit

Kinogaki — issue tracker

Every component, audited against six criteria — completeness, tests, separation of concerns, verb-named functions, file size, and organization. Findings are tracked here and per component below.

Ground-up audit of 2026-06-20. Every component was read against six criteria — completeness · tests · separation of concerns · verb-named functions · file size (<1000 lines) · organization. Every component builds clean (-Wall -Wextra) and its existing tests pass; the findings are about coverage, completeness, and polish, not regressions.

Scoreboard

| component | health | HIGH | MED | LOW | |-----------|--------|-----:|----:|----:| | core | ✅ re-audited + all issues fixed (158 cases / 757 checks) | 0 | 0 | 8 | | codecs | well-factored; doc drift + nested-list gap | 1 | 3 | 6 | | platform | disciplined + clean layering; testable OS-logic uncovered | 0 | 2 | 6 | | ui | healthiest library; some orphaned/untested logic | 0 | 2 | 4 | | cli | small + clean; usage/format-name bug + coverage gaps | 0 | 3 | 6 | | server | cleanly layered; tools report success without validating | 0 | 3 | 5 | | editor | clean architecture; zero tests, logic trapped in headers | 2 | 3 | 4 | | site | tight renderer; HTML-injection + zero tests | 2 | 2 | 4 | | python | joyful API; only ~⅔ of the C ABI bound, silent failures | 3 | 5 | 4 | | total | | 8 | 23 | 47 |

Cross-cutting themes

Fix these patterns, not just individual instances.

1. Testing is the weakest axis, everywhere — the dominant risk

The C ABI (the whole cross-language boundary) exercises ~17 of ~50 functions; the editor has no test harness at all and its testable logic is trapped in header-only units; the site renderer has no tests for trivially-testable pure logic; and platform/ui/cli/server all leave headlessly-testable logic uncovered (Cocoa key tables, UI layout/tessellation math, CLI flags, 11 of 16 server tools).

2. Silent failure-swallowing — correctness risk that also hides the gaps above

server connect/disconnect/rename_prim report success without validating; python mutators discard the C bool return; site writes rawHtml + hrefs unsanitized (HTML/JS injection); editor discards save/open results; codecs decode() ignores its ParseError*.

3. Stale rename leftovers

PRISMAPLATFORM_* / PRISMAUI_* identifiers still in CMakeLists; orphaned pre-rename build binaries in working trees; a tracked .DS_Store in editor.

4. Documentation / README drift

codecs README documents only json; cli usage advertises a format name its parser rejects; core has a stale test count and a TimeSamples.h comment calling a fully-implemented feature a stub; server README drift.

5. Completeness gaps (mostly honest/known holes)

python: evaluator + node-registry unbound, geometry-array accessors unbound, matrix/spectrum write-only (~⅓ of the C ABI invisible). codecs: markdown nested lists claimed but unsupported. core: a dead "v1 package still reads" branch.

6. File size — the only nearly-clean criterion

Only core/src/Serialize.cpp (1185 lines) exceeds the 1000-line limit; it fuses the text writer, lexer, and parser and should split into writer / reader.

Suggested order of attack

1. Quick wins / correctness — sanitize site HTML output, stop swallowing returns (server, python, editor, codecs), fix the cli format-name usage bug.
2. Close the test floor — hoist editor logic out of headers + add a test target, add site render tests, expand the core C-ABI suite, bind the rest of the C ABI in python.
3. Polish — split Serialize.cpp, finish the rename sweep, reconcile every README with reality, remove dead branches/orphaned widgets.