Goldfinch / Security & Quality Audit

Independent multi-agent review · main @ 52cc9e2

18 verified findings. One of them lets a least-privileged key become admin.

Three AI agents swept the Goldfinch codebase in parallel; every finding below was then independently re-traced against source before it was written down. The report is organized the way the codebase thinks about itself — by trust boundary. Nothing here is speculative pattern-matching: each card carries the exact file, the offending lines, a concrete trigger, and a suggested fix.

18
Verified findings
1
High — trust-model break
11
Medium — correctness / fail-open
6
Low — robustness / UX

Where the findings land

Bugs cluster at the seams between trust domains. Click any dot to jump to its finding.

Severity
No findings match the current filter.

How this was produced

Agent · security & IPC
codex · gpt-5.6-sol
Automation surface, internal-IPC gating, URL allow-lists, CDP locks, the serialize mutex, the will-navigate / trusted-createTab boundary.
Agent · logic & renderer
codex · gpt-5.6-terra
Pure src/shared decision modules, the settings store's validate / normalize path, and renderer focus / tab-type / dispatch state machines.
Agent · privacy engine
grok · grok-4.5 · high
Cookie-jar migration, Shields config & strip pipeline, the eTLD+1 tracker heuristic, download-path safety, the menu-overlay lifecycle.

The three agents ran read-only and in parallel against a live dev:automation instance. Their raw output was not trusted verbatim — an orchestrator (Claude Fable) re-opened every cited file and traced each data flow end-to-end, promoting a finding only when the code path was unambiguous. Several agent claims were downgraded or reframed in this pass (for example, the page-context editFlags gap is real but the guest re-checks edit state at execution, so it is filed Low rather than Medium).

  1. Boot the app with the automation surface bound to loopback; mint an admin + jar key.
  2. Fan out three scoped, non-overlapping hunts so no two agents audit the same lines.
  3. Re-trace each reported finding against source; confirm the exact trigger and blast radius.
  4. Rank by the real security/reliability model, not by the agent's self-assigned label.