AntFleet

Anatomy · 18907f89-1

`notify` immediate-delivery dedup writes hash before delivery is confirmed, causing silent message loss when sandbox blocks curl

mediumdata-loss
repo 6f7fc663·PR #31·reviewed 1 week ago

The vulnerable code

.github/workflows/aeon.yml:226-236

Code snippet unavailable.

The reasoning

Opus

`notify` immediate-delivery dedup writes hash before delivery is confirmed, causing silent message loss when sandbox blocks curl

mediumdata-losshigh
  • .github/workflows/aeon.yml:226-236
  • .github/workflows/aeon.yml:553-562
The notify script writes the hash to .notify-sent-hashes BEFORE attempting delivery. If Claude calls ./notify but all transports fail (sandbox blocks curl — the documented reason for the .pending-notify/ fallback), the message is saved to .pending-notify/<TS>.md AND the hash is in the dedup file. In the post-run 'Send pending notifications' step, the hash check then skips redelivery because the hash is already in HASH_FILE, so the message is permanently dropped. The comment says 'Dedup against messages already sent by ./notify inline' but the hash file does not record whether delivery actually succeeded.

Recommendation

Only append the hash to HASH_FILE when DELIVERED=true (move the `printf '%s\n' "$HASH" >> $HASH_FILE` to after the success block). Alternatively, track delivered hashes in a separate file from attempted hashes.

GPT-5

Output unavailable for this row.

The agreement

Both frontier models flagged this within the same line range. AntFleet's unanimous gate fired — the finding posted on the PR.

Closure

Tweet thread template

tweet 1 of 8217 / 280

Two frontier models reviewed PR #31 on 6f7fc663. Both found this bug: medium data-loss: `notify` immediate-delivery dedup writes hash before delivery is confirmed, causing silent message loss when sandbox blocks curl

tweet 2 of 8120 / 280

The vulnerable code (.github/workflows/aeon.yml:226-236): (full snippet at https://www.antfleet.dev/anatomy/18907f89-1)

tweet 3 of 8280 / 280

What Opus saw: "The notify script writes the hash to .notify-sent-hashes BEFORE attempting delivery. If Claude calls ./notify but all transports fail (sandbox blocks curl — the documented reason for the .pending-notify/ fallback), the message is saved to .pending-notify/<TS>.md…

tweet 4 of 837 / 280

What GPT-5 saw: "Output unavailable"

tweet 5 of 897 / 280

Both flagged the same line range. AntFleet's unanimous gate fired — the finding posted on the PR.

tweet 6 of 893 / 280

The fix landed in commit pending: (view diff at https://www.antfleet.dev/anatomy/18907f89-1)

tweet 7 of 881 / 280

AntFleet reviews every PR with two frontier models. Only unanimous findings post.

tweet 8 of 877 / 280

Full anatomy + reasoning + diffs: https://www.antfleet.dev/anatomy/18907f89-1

Paste into X composer one tweet at a time. X has no multi-tweet intent API.

view receipt →all receipts →view disagreements →case studies →