Shared memory and context tools for agentic work.
Code Rooms
{
"schema": "m1nd-bug-hunt-audit-result-v0",
"round_id": "bughunt-humanize-20260514T021500Z",
"lane_id": "audit-05",
"repo_path": "/Users/kle1nz/m1nd/.m1nd-field-workspaces/bughunt-humanize-20260514T021500Z/audit-05/humanize",
"findings": [
"title": "fractional() loses or corrupts the sign for negative fractions",
"severity": "high",
"file": "src/humanize/number.py",
"symbol": "fractional",
"cause": "The function splits the number with int(number), which truncates negative values toward zero, then takes abs(numerator) for values with no whole-number part and leaves a negative numerator for mixed fractions.",
"impact": "Negative inputs can be rendered as positive fractions, or as malformed mixed fractions such as '-1 -3/10'. This is a data-preservation bug because the sign and therefore the numeric meaning are changed or made ambiguous.",
"evidence": [
"src/humanize/number.py:370 computes whole_number = int(number)",
"src/humanize/number.py:379 returns abs(numerator) when whole_number is zero",
"src/humanize/number.py:382 formats the signed numerator directly for mixed fractions",
"focused probe: fractional(-0.3) -> '3/10'; fractional(-1.3) -> '-1 -3/10'; fractional('-8.9') -> '-8 -9/10'"
],
"reproduction_or_test": "uv run python - <<'PY'\nimport humanize\nassert humanize.fractional(-0.3) == '-3/10'\nassert humanize.fractional(-1.3) == '-1 3/10'\nPY",
"confidence": "high"
},
"title": "intcomma() does not group negative numbers",
"severity": "medium",
"symbol": "intcomma",
"cause": "After converting the value to text, grouping is applied with the regex ^(\\d+)(\\d{3}), which only matches strings beginning with digits. A leading '-' prevents every grouping pass.",
"impact": "Negative integers and floats are returned without thousands separators, including localized decimal strings after normalization. That breaks the function's core promise for a common numeric boundary.",
"src/humanize/number.py:167 builds orig = str(value)",
"src/humanize/number.py:172 uses a digit-only start anchor",
"tests/test_number.py:41-83 covers positive values and infinities but no finite negative intcomma inputs",
"focused probe: intcomma(-1000) -> '-1000'; intcomma(-1234567.89) -> '-1234567.89'; intcomma(-1234567, 2) -> '-1234567.00'"
"reproduction_or_test": "uv run python - <<'PY'\nimport humanize\nassert humanize.intcomma(-1000) == '-1,000'\nassert humanize.intcomma(-1234567.89) == '-1,234,567.89'\nPY",
"title": "ordinal() uses the wrong suffix for negative integers",
"symbol": "ordinal",
"cause": "Suffix selection uses value % 100 and value % 10 directly on signed integers. Python modulo for negatives does not produce the absolute last digits needed for ordinal suffix rules.",
"impact": "Negative ordinals are rendered incorrectly, for example '-1th', '-2th', '-3th', and '-21th'. The docstring says the function works for any integer, but tests only cover positive integers.",
"src/humanize/number.py:76 coerces input to int",
"src/humanize/number.py:105 checks value % 100",
"src/humanize/number.py:107 indexes suffixes with value % 10",
"tests/test_number.py:14-38 has no negative ordinal cases",
"focused probe: ordinal(-1) -> '-1th'; ordinal(-2) -> '-2th'; ordinal(-3) -> '-3th'; ordinal(-8) -> '-8nd'; ordinal(-21) -> '-21th'"
"reproduction_or_test": "uv run python - <<'PY'\nimport humanize\nassert humanize.ordinal(-1) == '-1st'\nassert humanize.ordinal(-2) == '-2nd'\nassert humanize.ordinal(-3) == '-3rd'\nassert humanize.ordinal(-21) == '-21st'\nPY",
"title": "naturalsize() crashes on NaN and assigns byte units to infinities",
"file": "src/humanize/filesize.py",
"symbol": "naturalsize",
"cause": "The function converts input with float(value) but never checks math.isfinite before taking logarithms, converting the exponent to int, and selecting a suffix.",
"impact": "NaN raises ValueError, while +inf and -inf are rendered as 'inf QB' and '-inf QB'. Other public numeric functions in this package return explicit non-finite sentinels such as 'NaN', '+Inf', and '-Inf', so this API is inconsistent and misleading for non-finite floats or strings.",
"src/humanize/filesize.py:90 converts value to float",
"src/humanize/filesize.py:99 computes int(min(log(abs_bytes, base), len(suffix))) without a finite check",
"tests/test_filesize.py:9-97 covers finite positive and negative values but no NaN or infinity cases",
"focused probe: naturalsize(math.nan) -> ValueError; naturalsize(math.inf) -> 'inf QB'; naturalsize(-math.inf) -> '-inf QB'"
"reproduction_or_test": "uv run python - <<'PY'\nimport humanize, math\nassert humanize.naturalsize(math.nan) == 'NaN'\nassert humanize.naturalsize(math.inf) == '+Inf'\nassert humanize.naturalsize(-math.inf) == '-Inf'\nPY",
"confidence": "medium"
"title": "time delta APIs leak OverflowError for infinite float inputs",
"file": "src/humanize/time.py",
"symbol": "naturaldelta, naturaltime, precisedelta",
"cause": "naturaldelta catches only ValueError and TypeError around int(value) and timedelta conversion, while int(math.inf) raises OverflowError. naturaltime and precisedelta route through _date_and_delta, which also catches only ValueError and TypeError around round(value) or timedelta construction.",
"impact": "Passing math.inf or -math.inf crashes naturaldelta(), naturaltime(), and precisedelta() instead of returning the input unchanged or a stable sentinel. This contradicts the naturaldelta return contract that non-convertible inf/nan values are returned unchanged, and it leaves public formatting APIs with inconsistent non-finite behavior.",
"src/humanize/time.py:112-116 documents returning the value unchanged when it cannot be converted because of 'inf' or 'nan'",
"src/humanize/time.py:148-153 catches only ValueError and TypeError in naturaldelta",
"src/humanize/time.py:86-91 catches only ValueError and TypeError in _date_and_delta",
"src/humanize/time.py:534-536 shows precisedelta relies on _date_and_delta for invalid input fallback",
"focused probe: naturaldelta(math.inf), naturaltime(math.inf), and precisedelta(math.inf) all raise OverflowError"
"reproduction_or_test": "uv run python - <<'PY'\nimport humanize, math\nfor func in (humanize.naturaldelta, humanize.naturaltime, humanize.precisedelta):\n func(math.inf)\n func(-math.inf)\nPY",
}
"commands_run": [
"sed -n '1,240p' /Users/kle1nz/m1nd/docs/benchmarks/bug-hunt-rounds/bughunt-humanize-20260514T021500Z/lane-prompts/audit-05.md",
"tool_search query='m1nd search seek audit impact surgical_context validate_plan repository investigation'",
"rg --files",
"git status --short",
"sed -n ... src/humanize/{number.py,time.py,filesize.py,lists.py,i18n.py,__init__.py}",
"sed -n ... tests/{test_number.py,test_time.py,test_filesize.py,test_i18n.py,test_lists.py}",
"sed -n '1,220p' pyproject.toml",
"uv run --extra tests pytest -q",
"rg -n 'negative|nan|inf|intcomma|fractional|naturalsize|minimum_unit|not finite' tests src docs README.md",
"uv run python edge probes for intcomma, fractional, naturalsize",
"uv run python focused assertion probe for ordinal/intcomma/fractional/naturalsize",
"uv run python infinity probes for naturaldelta/naturaltime/precisedelta",
"nl -ba source and test snippets for evidence line numbers",
"jq . lane-results/audit-05.json",
"python3 -m json.tool lane-results/audit-05.json",
"jq -c . event-streams/audit-05.jsonl"
"files_inspected": [
"pyproject.toml",
"README.md",
"src/humanize/__init__.py",
"src/humanize/filesize.py",
"src/humanize/i18n.py",
"src/humanize/lists.py",
"src/humanize/number.py",
"src/humanize/time.py",
"tests/test_filesize.py",
"tests/test_i18n.py",
"tests/test_lists.py",
"tests/test_number.py",
"tests/test_time.py"
"tests_run": [
"uv run --extra tests pytest -q -> 685 passed, 69 skipped in 0.64s",
"uv run python edge probes -> confirmed current outputs for negative intcomma/fractional and naturalsize NaN/Inf",
"uv run python focused assertion probe -> exit 1 with expected failures for negative ordinal suffixes, negative intcomma grouping, negative fractional signs, and naturalsize non-finite handling",
"uv run python infinity probes -> naturaldelta/naturaltime/precisedelta all raised OverflowError for +/-math.inf"
"m1nd_usage": [
"Attempted first-layer m1nd discovery through tool_search. The session exposed only a DEXT3R m1nd flash bridge, not a direct m1nd MCP surface.",
"Skipped the DEXT3R m1nd flash bridge because this chat's DEXT3R run_policy is manual_only and the human did not explicitly ask for DEXT3R operations.",
"Recorded the limitation in the event stream and verified final truth with direct repository files and runtime probes."
"final_notes": "No source patches, commits, pushes, or permanent tests were created. The assigned local repo workspace remained clean. I did not read operator-only files or modify /Users/kle1nz/m1nd source files. Findings are limited to the audited Python package and focused on concrete correctness/regression behavior with reproductions. The result JSON and event JSONL were validated after writing.",
"agent_testimony": "I read the assigned lane prompt, mapped the small public API surface, ran the full existing test suite, then targeted under-covered boundary classes: signed values, non-finite floats, and documented invalid-input fallbacks. The baseline suite passing was useful because each reported issue comes from a missing edge case rather than general test breakage. The main constraint was that direct m1nd MCP tooling was not exposed; I recorded that and relied on repo files, tests, and focused runtime probes.",