Concurrency Auditor (L3 Worker)
Specialized worker auditing concurrency and async patterns.
Purpose & Scope
- Worker in ln-620 coordinator pipeline
- Audit concurrency (Category 11: High Priority)
- Check race conditions, async/await, thread safety
- Calculate compliance score (X/10)
Inputs (from Coordinator)
Receives
with tech stack, language, codebase root.
Workflow
- Parse context
- Check concurrency patterns
- Collect findings
- Calculate score
- Return JSON
Audit Rules
1. Race Conditions
What: Shared state modified without synchronization
Detection Patterns:
| Language | Pattern | Grep |
|---|
| Python | Global modified in async | inside |
| TypeScript | Module-level let in async | at file scope + async function modifies it |
| Go | Map access without mutex | without in same file |
| All | Shared cache | or without lock |
Severity:
- CRITICAL: Race in payment/auth (, , , in variable name)
- HIGH: Race in user-facing feature
- MEDIUM: Race in background job
Recommendation: Use locks, atomic operations, message queues
Effort: M-L
2. Missing Async/Await
What: Callback hell or unhandled promises
Detection Patterns:
| Issue | Grep | Example |
|---|
| Callback hell | \.then\(.*\.then\(.*\.then\(
| |
| Fire-and-forget | not preceded by | without await |
| Missing await | in async function | Should just or value |
| Dangling promise | | Empty catch swallows errors |
Severity:
- HIGH: Fire-and-forget async (can cause data loss)
- MEDIUM: Callback hell (hard to maintain)
- LOW: Mixed Promise styles
Recommendation: Convert to async/await, always await or handle promises
Effort: M
3. Resource Contention
What: Multiple processes competing for same resource
Detection Patterns:
| Issue | Grep | Example |
|---|
| File lock missing | without or | Concurrent file writes |
| Connection exhaustion | create_engine\(.*pool_size
| DB pool too small |
| Concurrent writes | or without lock check | File corruption risk |
Severity:
- HIGH: File corruption risk, DB exhaustion
- MEDIUM: Performance degradation
Recommendation: Use connection pooling, file locking,
Effort: M
4. Thread Safety Violations
What: Shared mutable state without synchronization
Detection Patterns:
| Language | Safe Pattern | Unsafe Pattern |
|---|
| Go | with map | without Mutex in same struct |
| Rust | | in multi-threaded context |
| Java | or | shared between threads |
| Python | | Global dict modified in threads |
Grep patterns:
- Go unsafe:
type.*struct\s*{[^}]*map\[
- Python unsafe: in function + in same file
Severity: HIGH (data corruption possible)
Recommendation: Use thread-safe primitives
Effort: M
5. Deadlock Potential
What: Lock acquisition in inconsistent order
Detection Patterns:
| Issue | Grep | Example |
|---|
| Nested locks | with\s+\w+_lock:.*with\s+\w+_lock:
| Lock A then Lock B |
| Lock in loop | | Lock acquired repeatedly without release |
| Lock + external call | followed by or | Holding lock during I/O |
Severity: HIGH (deadlock freezes application)
Recommendation: Consistent lock ordering, timeout locks (
)
Effort: L
6. Blocking I/O in Event Loop (Python asyncio)
What: Synchronous blocking calls inside async functions
Detection Patterns:
| Blocking Call | Grep in | Replacement |
|---|
| inside async def | |
| inside async def | or |
| file | inside async def | |
Severity:
- HIGH: Blocks entire event loop
- MEDIUM: Minor blocking (<100ms)
Recommendation: Use async alternatives
Effort: S-M
Scoring Algorithm
See
shared/references/audit_scoring.md
for unified formula and score interpretation.
Output Format
json
{
"category": "Concurrency",
"score": 7,
"total_issues": 4,
"critical": 0,
"high": 2,
"medium": 2,
"low": 0,
"checks": [
{"id": "race_conditions", "name": "Race Conditions", "status": "passed", "details": "No shared state modified without synchronization"},
{"id": "missing_await", "name": "Missing Await", "status": "failed", "details": "2 fire-and-forget async calls found"},
{"id": "resource_contention", "name": "Resource Contention", "status": "warning", "details": "DB pool_size=3 may be insufficient"},
{"id": "thread_safety", "name": "Thread Safety", "status": "passed", "details": "All shared state properly synchronized"},
{"id": "deadlock_potential", "name": "Deadlock Potential", "status": "passed", "details": "No nested locks or inconsistent ordering"},
{"id": "blocking_io", "name": "Blocking I/O", "status": "failed", "details": "time.sleep in async context"}
],
"findings": [
{
"severity": "HIGH",
"location": "src/services/payment.ts:45",
"issue": "Shared state 'balanceCache' modified without synchronization",
"principle": "Thread Safety / Concurrency Control",
"recommendation": "Use mutex or atomic operations for balanceCache updates",
"effort": "M"
}
]
}
Reference Files
- Audit scoring formula:
shared/references/audit_scoring.md
- Audit output schema:
shared/references/audit_output_schema.md
Version: 3.0.0
Last Updated: 2025-12-23