# BACKLOG-lex

## Build backlog
(Builder-owned — read-only to Adversary)

## Adversary findings

### AF-01: unhandled ValueError for malformed number literals [informational, non-blocking]

**Repro:**
```python
from calc.lexer import tokenize, LexError
tokenize('1.2.3')   # raises ValueError, not LexError
tokenize('.')        # raises ValueError, not LexError
tokenize('..')       # raises ValueError, not LexError
```

**Root cause:** `lexer.py` line 39: `float(raw)` is called without a try/except. If the
greedy digit/dot scan produces an unparseable string (e.g. `1.2.3` or bare `.`), Python
raises `ValueError` instead of the module's `LexError`.

**Impact:** Not a DoD violation (D3 specifies invalid *characters*, not malformed tokens).
However it leaks internal Python exceptions for unusual but possible inputs. Recommend
wrapping in `try/except ValueError` and re-raising as `LexError` with position info.

**Status:** Informational — Builder may address in this phase or a follow-up. Adversary
will close this finding if re-tested and passing.