macOS AI App Audit

Active session · FastAPI + SwiftUI stack

Audit Complete

183 / 295 issues resolved

10:30

AM

FastAPI Endpoint Deadlock

Fixed async lock issue in /api/inference route — async_engine.py:142

12:15

PM

SwiftUI Memory Leak Found

WebSocket delegate not released on view dismiss — ChatView.swift

2:00

PM

SQLite WAL Corruption

Concurrent write conflict under load — reproduced in db_service.py:203

4:45

PM

IPC Bridge Null Pointer

Swift XPC service crashes on cold start — IPCBridge.swift:88

FastAPI Backend

2 critical · 8 warnings

SwiftUI Frontend

7 critical · 31 warnings

SQLite Persistence

3 critical · 12 warnings

P0

Inference API Deadlock

FastAPI · async_engine.py:142 · Deadlock on concurrent requests

P0

SwiftUI Crash on Launch

AppDelegate.swift:88 · XPC service nil dereference

P1

WebSocket Reconnect Loop

ws_manager.py:67 · Infinite retry on auth failure

P1

SQLite Write Corruption

db_service.py:203 · WAL checkpoint race condition

P1

Memory Spike on AI Response

model_runner.py:89 · Tensor not released post-inference

Inference API Deadlock

P0 · FastAPI · async_engine.py:142

L:142

asyncio.Lock acquired

async_engine.py — lock not released on exception path

L:156

Deadlock entry point

Concurrent requests both waiting on same lock indefinitely

Fix Confidence

Root cause identified

Backend Reviewed

42 / 54 files audited

HIGH

Unhandled async exceptions

routers/inference.py — missing try/except in async route handlers

HIGH

No rate limiting on stream

/api/stream endpoint open to flooding — no FastAPI middleware

MED

Hardcoded API keys

model_config.py:12 — credentials in source, not env vars

Frontend Reviewed

28 / 55 files audited

HIGH

@MainActor violations

NetworkService.swift — UI state updates from background thread

HIGH

Retain cycle in closures

ChatViewModel.swift:67 — [weak self] missing in escaping closure

MED

XPC error handling absent

IPCBridge.swift — no fallback when XPC service crashes on start

Persistence Reviewed

17 / 20 files audited

HIGH

No transaction rollback

db_service.py:203 — writes non-atomic, partial state possible on crash

MED

Missing index on queries

conversation_store.py — full table scan on message history lookup

LOW

VACUUM not scheduled

Database grows unbounded — no periodic maintenance task

IPC Integration Layer

Python backend ↔ macOS Swift client bridge

ERROR

XPC Bootstrap Race

Swift XPC listener not ready before Python client connects on cold start

WARN

Message Queue Overflow

Async queue backs up when AI inference exceeds 5s response time

INFO

No Reconnect Logic

IPC socket drops silently — no retry strategy implemented

WS Stability Score

12 known issues · 5 critical

P0

Disconnect Not Cleaned Up

ws_manager.py:67 — stale handlers accumulate on client drop

P1

No Heartbeat / Ping-Pong

Long idle connections drop silently without detection logic

Fix Sprint #3

Apr 7–11 2026 · 12 fixes targeted

Sprint Progress

8 of 12 fixes merged

DONE

Fixed: async lock deadlock

async_engine.py — proper exception handling with finally block added

DONE

Fixed: WebSocket cleanup

ws_manager.py — disconnect handler now releases all resources

WIP

In Progress: retain cycles

ChatViewModel.swift — [weak self] audit and patch underway

BLOCKED

Blocked: XPC redesign

Requires architectural decision on IPC protocol choice

Overall Resolution

183 of 247 issues closed

TOP

Async exception handling

Highest impact fix area — 23 related bugs resolved in FastAPI layer

TOP

SwiftUI memory management

7 retain cycles patched — crash frequency reduced by 80%

3 Critical Areas Remain

XPC redesign · Rate limiting · DB atomicity

NOW

Redesign XPC error recovery

Implement reconnect + retry strategy for IPC bridge stability

NOW

Add API rate limiting

FastAPI middleware for /api/stream — throttle to 10 req/s per client

SOON

Atomic DB transactions

Wrap all multi-step writes in BEGIN/COMMIT with rollback hooks

SOON

Integration test suite

Contract tests covering Python-Swift IPC round-trips end-to-end