
wizai2#1

Open

KBryan wants to merge 5 commits into master from fix/update

Conversation

KBryan (Owner) commented Mar 30, 2026

wizai2 - major update

KBryan added 5 commits March 29, 2026 22:14
wizai2 - major update
- Full Leptos/WASM SPA dashboard
- AI Copilot panel with chat interface and streaming
- Lead Pipeline with Kanban board and drag-and-drop
- CMA Widget with PDF export functionality
- Market Intelligence module with trends and charts
- Communication Hub with draft approval workflow
- Address autocomplete for property search
- Loading skeletons and toast notifications
- REST API and WebSocket clients
- OpenSpec artifacts for change management
- Simplified app.rs with working Leptos components
- Fixed all compilation errors in cma/, leads/, comms/, market/ modules
- Removed complex dependencies causing build failures
- Added working Cargo.toml with proper features
- Using CDN Tailwind CSS instead of build process
- Build outputs to dist/ directory

The dashboard now compiles successfully and includes:
- Home page with dashboard cards
- Leads Pipeline (Kanban board)
- CMA Generator with price recommendations
- Market Intelligence with area data
- Communication Hub with draft table

Dashboard accessible at http://localhost:8080
KBryan (Owner, Author) commented Apr 17, 2026

README Update

Updated the README.md to comprehensively document the full project, addressing the feedback to review and update the README.

Changes Made

  • Added project overview with clear separation between the two systems: Spree Agent Framework (wizai2/) and DAppWiz Code Generator (src/)
  • Documented all wizai2 features including hierarchical agent system, Venice AI integration, SQLite memory, WebSocket API, Leptos/WASM dashboard, MCP client, web scraping, payment system, skills system, and compliance/audit
  • Added architecture diagram showing the layered system (UI -> Axum Server -> Core System)
  • Included project structure with descriptions of every major directory and module
  • Added API endpoints reference with tables for Agents, Organization, and WebSocket messages
  • Added configuration section with environment variables table
  • Documented dashboard features (Home, Leads Pipeline, CMA Generator, Market Intelligence, Communication Hub, AI Copilot)
  • Added links to all documentation files (API Reference, Examples, CLI Generator, Tutorial, Quick Reference)
  • Removed outdated instructions about manually removing code fences from generated output
  • Added Quick Start sections for both the Spree Agent Framework and the DAppWiz Code Generator

Commit: f968854

@KBryan KBryan mentioned this pull request Apr 17, 2026
KBryan (Owner, Author) commented Jun 20, 2026

PR Review: wizai2

PR: #1 | Author: kwame.eth | Branch: fix/update → master
Files changed: 300 | Additions: +68,859 | Deletions: -48
Merge Status: CLEAN | Checks: None reported


Summary

This PR is a monolithic addition of the wizai2 module (134 new files), a Leptos UI (45 files), OpenCode skills/commands/plans (75 files), and documentation. It also performs a mechanical migration from OpenAI to Venice AI and converts absolute paths to relative paths.

The PR is effectively unreviewable at this scale. 300 files and 68,000+ additions with only 48 deletions means this is a bulk import rather than an iterative change. Security-sensitive code (code execution, web scraping) was added without sufficient safety validation.


Findings

CRITICAL

  • wizai2/src/tools/code_exec.rs — Trivially bypassable command safety
    The check_command_safety function uses simple substring matching against a lowercase command string. This is trivial to bypass:
    • r\x6d -rf / or rm -- -rf / bypasses the rm -rf ban
    • bash -c 'echo "rm -rf /" | sh' or any encoding/quoting bypasses substring checks
    • The BANNED_COMMANDS list is incomplete (no shred, chmod -R 000, network exfiltration, etc.)
    • There is no sandboxing — code runs directly on the host with the agent's privileges
    • Recommendation: Replace substring checks with a proper allowlist approach (only permit specific safe commands) or run all code execution in isolated containers (Docker, Firejail, nsjail). Never accept arbitrary shell commands with only substring blocklists.

WARNING

  • PR size makes secure review impossible
    300 files and 68,000 additions cannot be meaningfully reviewed in a single pass. The new wizai2 module contains security-sensitive tooling (code execution, web scraping, subordinate agent spawning) that requires careful scrutiny. Bulk-importing this much code defeats code review as a security control.

    • Recommendation: Split this into smaller PRs: (1) Venice AI migration + path fixes, (2) wizai2 core module, (3) UI, (4) OpenCode skills/docs.
  • No tests for the new wizai2 module
    The sampled files in wizai2/src/tools/ and wizai2/src/webscraping/ show no unit tests, integration tests, or fuzz tests. Security-sensitive code (command execution, HTTP client) should have comprehensive test coverage.

    • Recommendation: Add tests for code_exec.rs (including safety bypass attempts), registry.rs, and webscraping/client.rs.
  • Existing tests ignored rather than fixed
    agent_architect.rs, agent_backend.rs, and managing_agent.rs had #[ignore = "Requires Venice AI API key"] added. Ignoring tests is a code smell — if the tests require an API key, mock the API client or use test-only credentials.

    • Recommendation: Refactor to accept an API client trait so tests can use a mock, rather than ignoring them.
  • validate_working_dir path traversal risk
    If canonicalize() fails (e.g., path doesn't exist yet), the function falls back to the non-canonical dir.clone(), which may not start with canonical_root. A race condition or symlink attack could bypass this check.

    • Recommendation: Always require canonicalization before path validation. Use canonicalize() and fail hard if it returns an error.
  • Subordinate agent system prompt generation
    generate_role_prompt in subordinate.rs constructs system prompts via format!() with user-influenced name and role values. While this appears safe in the current implementation, if extended to accept arbitrary prompt text, it could become a prompt injection vector.

    • Recommendation: Validate and sanitize any user input that flows into system prompts.

SUGGESTION

  • Venice AI migration is mechanically correct
    The changes in src/apis/call_request.rs and src/helpers/general.rs to switch from OpenAI to Venice AI are straightforward and appear correct. The header change from "authorization" to "Authorization" is also a good fix.

  • Relative path changes are an improvement
    Removing hardcoded /Users/kwamebryan/... paths in favor of relative paths makes the project more portable.

  • Web scraping client has good structure
    webscraping/client.rs shows thoughtful design with provider abstraction, rate limiting, caching, and configurable timeouts. However, it needs tests.


Verdict

Request Changes

The code execution safety issue is a blocking concern. The PR size makes it impossible to provide confidence that no other critical issues exist. I recommend:

  1. Split this PR into logical chunks (migration, core module, UI, docs)
  2. Fix code_exec.rs safety with an allowlist or sandbox approach
  3. Add tests for all security-sensitive new code
  4. Un-ignore tests by mocking the API dependency

Reviewer model: kimi-k2-6 | This review was generated by Agent Zero PR Review. Advisory only.
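The CRITICAL finding above is about the shape of the check, not one missing entry in the list. The following is an added example (editor's code, not code from the wizai2 PR or from code_exec.rs): it models a lowercase substring blocklist of the kind the review describes, feeds it constructed commands that it fails to catch, and places an allowlist check beside it. BANNED_COMMANDS, ALLOWED_PROGRAMS, SHELL_METACHARS and both function names are assumptions for illustration.

```rust
// Added example, not code from the wizai2 PR. It models the substring
// blocklist the review describes for check_command_safety and puts an
// allowlist check beside it. BANNED_COMMANDS, ALLOWED_PROGRAMS and the
// function names are assumptions for illustration.

/// Substring blocklist in the style the review criticises.
const BANNED_COMMANDS: &[&str] = &["rm -rf", "mkfs", "dd if=", ":(){"];

/// Lowercases the whole command and rejects it if any banned fragment
/// appears anywhere in it. Returns true when the command would be run.
fn check_command_safety_blocklist(cmd: &str) -> bool {
    let lower = cmd.to_lowercase();
    !BANNED_COMMANDS.iter().any(|banned| lower.contains(banned))
}

/// Programs the agent may invoke directly as argv[0]; everything else is
/// refused. The list is an assumption for the example.
const ALLOWED_PROGRAMS: &[&str] = &["ls", "cat", "grep", "cargo"];

/// Characters that only mean something to a shell. Their presence means the
/// string is a shell script rather than an argv, so it is refused outright.
const SHELL_METACHARS: &str = "|&;<>`$(){}\\\n\"'";

/// Allowlist check: refuse shell syntax, split into argv, and require the
/// program to be in ALLOWED_PROGRAMS. On success the caller would run
/// `Command::new(&argv[0]).args(&argv[1..])`, never `sh -c`, so quoting
/// tricks have no interpreter to reach.
fn check_command_safety_allowlist(cmd: &str) -> Result<Vec<String>, String> {
    if let Some(c) = cmd.chars().find(|c| SHELL_METACHARS.contains(*c)) {
        return Err(format!("shell metacharacter {c:?} not permitted"));
    }
    let argv: Vec<String> = cmd.split_whitespace().map(String::from).collect();
    let program = argv.first().ok_or("empty command")?;
    if !ALLOWED_PROGRAMS.contains(&program.as_str()) {
        return Err(format!("program not in allowlist: {program}"));
    }
    Ok(argv)
}

fn main() {
    // Constructed probes: the first is caught by both checks; the next three
    // pass the blocklist because "rm -rf" never appears as a contiguous
    // lowercase substring, although each still removes the tree when run.
    let probes = [
        "rm -rf /",
        "rm -fr /",
        "rm -r -f /",
        "sh -c 'r''m -rf /'",
        "ls -la src",
    ];
    for cmd in probes {
        println!(
            "{cmd:<22} blocklist allows: {:<5} allowlist: {:?}",
            check_command_safety_blocklist(cmd),
            check_command_safety_allowlist(cmd).map(|argv| argv.len())
        );
    }
}
```

The allowlist still only decides what may be spawned; it does not bound what `cargo` or `grep` can do once running, which is why the review pairs it with running execution inside a container or nsjail rather than on the host.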

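The validate_working_dir WARNING asks for canonicalisation to be mandatory rather than a best effort with a fallback. The following is an added example (editor's code, not the PR's validate_working_dir): both the root and the requested directory are canonicalised, a canonicalize() error is returned as-is instead of falling back to the unresolved path, and a constructed fixture under the OS temp directory exercises a `..` escape, a symlink escape and a non-existent path. The fixture layout and function names are assumptions.

```rust
// Added example, not code from the wizai2 PR. It shows the working-directory
// check the review asks for: both root and requested directory are
// canonicalised, and a canonicalize() error is returned instead of falling
// back to the unresolved path. Names and the demo tree are assumptions.
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Resolve `dir` under `root` and return its canonical path, or an error if
/// it does not exist, cannot be resolved, or resolves outside `root`.
fn validate_working_dir(root: &Path, dir: &Path) -> io::Result<PathBuf> {
    let canonical_root = fs::canonicalize(root)?;
    // Relative requests are anchored at the root, never at the process CWD.
    let candidate = if dir.is_absolute() {
        dir.to_path_buf()
    } else {
        canonical_root.join(dir)
    };
    // Fail hard here: a non-existent or unreadable path gets no fallback,
    // and symlinks and `..` components are resolved before the comparison.
    let canonical_dir = fs::canonicalize(&candidate)?;
    if canonical_dir.starts_with(&canonical_root) {
        Ok(canonical_dir)
    } else {
        Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            format!(
                "{} is outside {}",
                canonical_dir.display(),
                canonical_root.display()
            ),
        ))
    }
}

/// Constructed fixture: root/project/src, root/outside and, on Unix, a
/// symlink root/project/link -> root/outside. Returns the fixture root.
fn demo_tree() -> io::Result<PathBuf> {
    let root = std::env::temp_dir().join(format!("wd-demo-{}", std::process::id()));
    fs::create_dir_all(root.join("project/src"))?;
    fs::create_dir_all(root.join("outside"))?;
    #[cfg(unix)]
    {
        let link = root.join("project/link");
        if link.symlink_metadata().is_err() {
            std::os::unix::fs::symlink(root.join("outside"), &link)?;
        }
    }
    Ok(root)
}

fn main() -> io::Result<()> {
    let root = demo_tree()?;
    let project = root.join("project");
    for req in ["src", "../outside", "link", "does-not-exist"] {
        println!(
            "{req:<16} -> {:?}",
            validate_working_dir(&project, Path::new(req))
        );
    }
    fs::remove_dir_all(&root)
}
```

Canonicalising the root as well matters on hosts where the configured root is itself reached through a symlink (macOS's temp directory is one such case); comparing a canonical child against a non-canonical root would reject every valid path.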