wizai2

[KBryan]

wizai2 - major update

[KBryan]

README Update

Updated the README.md to comprehensively document the full project, addressing the feedback to review and update the README.

Changes Made

• Added project overview with clear separation between the two systems: Spree Agent Framework (wizai2/) and DAppWiz Code Generator (src/)
• Documented all wizai2 features including hierarchical agent system, Venice AI integration, SQLite memory, WebSocket API, Leptos/WASM dashboard, MCP client, web scraping, payment system, skills system, and compliance/audit
• Added architecture diagram showing the layered system (UI -> Axum Server -> Core System)
• Included project structure with descriptions of every major directory and module
• Added API endpoints reference with tables for Agents, Organization, and WebSocket messages
• Added configuration section with environment variables table
• Documented dashboard features (Home, Leads Pipeline, CMA Generator, Market Intelligence, Communication Hub, AI Copilot)
• Added links to all documentation files (API Reference, Examples, CLI Generator, Tutorial, Quick Reference)
• Removed outdated instructions about manually removing code fences from generated output
• Added Quick Start sections for both the Spree Agent Framework and the DAppWiz Code Generator

Commit: f968854

[KBryan]

PR Review: wizai2

PR: #1 | Author: kwame.eth | Branch: fix/update → master
Files changed: 300 | Additions: +68,859 | Deletions: -48
Merge Status: CLEAN | Checks: None reported

---

Summary

This PR is a monolithic addition of the wizai2 module (134 new files), a Leptos UI (45 files), OpenCode skills/commands/plans (75 files), and documentation. It also performs a mechanical migration from OpenAI to Venice AI and converts absolute paths to relative paths.

The PR is effectively unreviewable at this scale. 300 files and 68,000+ additions with only 48 deletions means this is a bulk import rather than an iterative change. Security-sensitive code (code execution, web scraping) was added without sufficient safety validation.

---

Findings

CRITICAL

• wizai2/src/tools/code_exec.rs — Trivially bypassable command safety
  The check_command_safety function uses simple substring matching against a lowercase command string. This is trivial to bypass:
  • r\x6d -rf / or rm -- -rf / bypasses the rm -rf ban
  • bash -c 'echo "rm -rf /" | sh' or any encoding/quoting bypasses substring checks
  • The BANNED_COMMANDS list is incomplete (no shred, chmod -R 000, network exfiltration, etc.)
  • There is no sandboxing — code runs directly on the host with the agent's privileges
  • Recommendation: Replace substring checks with a proper allowlist approach (only permit specific safe commands) or run all code execution in isolated containers (Docker, Firejail, nsjail). Never accept arbitrary shell commands with only substring blocklists.

WARNING

• PR size makes secure review impossible
  300 files and 68,000 additions cannot be meaningfully reviewed in a single pass. The new wizai2 module contains security-sensitive tooling (code execution, web scraping, subordinate agent spawning) that requires careful scrutiny. Bulk-importing this much code defeats code review as a security control.

  • Recommendation: Split this into smaller PRs: (1) Venice AI migration + path fixes, (2) wizai2 core module, (3) UI, (4) OpenCode skills/docs.

• No tests for the new wizai2 module
  The sampled files in wizai2/src/tools/ and wizai2/src/webscraping/ show no unit tests, integration tests, or fuzz tests. Security-sensitive code (command execution, HTTP client) should have comprehensive test coverage.

  • Recommendation: Add tests for code_exec.rs (including safety bypass attempts), registry.rs, and webscraping/client.rs.

• Existing tests ignored rather than fixed
  agent_architect.rs, agent_backend.rs, and managing_agent.rs had #[ignore = "Requires Venice AI API key"] added. Ignoring tests is a code smell — if the tests require an API key, mock the API client or use test-only credentials.

  • Recommendation: Refactor to accept an API client trait so tests can use a mock, rather than ignoring them.

• validate_working_dir path traversal risk
  If canonicalize() fails (e.g., path doesn't exist yet), the function falls back to the non-canonical dir.clone(), which may not start with canonical_root. A race condition or symlink attack could bypass this check.

  • Recommendation: Always require canonicalization before path validation. Use canonicalize() and fail hard if it returns an error.

• Subordinate agent system prompt generation
  generate_role_prompt in subordinate.rs constructs system prompts via format!() with user-influenced name and role values. While this appears safe in the current implementation, if extended to accept arbitrary prompt text, it could become a prompt injection vector.

  • Recommendation: Validate and sanitize any user input that flows into system prompts.

SUGGESTION

• Venice AI migration is mechanically correct
  The changes in src/apis/call_request.rs and src/helpers/general.rs to switch from OpenAI to Venice AI are straightforward and appear correct. The header change from "authorization" to "Authorization" is also a good fix.

• Relative path changes are an improvement
  Removing hardcoded /Users/kwamebryan/... paths in favor of relative paths makes the project more portable.

• Web scraping client has good structure
  webscraping/client.rs shows thoughtful design with provider abstraction, rate limiting, caching, and configurable timeouts. However, it needs tests.

---

Verdict

Request Changes

The code execution safety issue is a blocking concern. The PR size makes it impossible to provide confidence that no other critical issues exist. I recommend:

1. Split this PR into logical chunks (migration, core module, UI, docs)
2. Fix code_exec.rs safety with an allowlist or sandbox approach
3. Add tests for all security-sensitive new code
4. Un-ignore tests by mocking the API dependency

---

Reviewer model: kimi-k2-6 | This review was generated by Agent Zero PR Review. Advisory only.