AntFleet

Anatomy · cdf9ffa0-1

postprocess-admanage-create: ad sets with only campaignId (no parentCampaignConfigName) are not written to state

high · bug · closed in 4b9b492
repo 6f7fc663 · PR #4 · reviewed 1 week ago · closed 1 week ago

The vulnerable code

scripts/postprocess-admanage-create.sh:121-123

121 cfg_name=$(echo "$payload" | jq -r '.name')
122 parent_name=$(echo "$payload" | jq -r '.parentCampaignConfigName // empty')
123 campaign_id_in_payload=$(echo "$payload" | jq -r '.campaignId // empty')

The reasoning

Opus

Ad-set log line prints empty parent name when campaignId was supplied directly

low · maintainability · high
  • scripts/postprocess-admanage-create.sh:128
When an ad set's payload has a real campaignId (i.e. it is not the __RESOLVE_FROM_PARENT__ sentinel and parentCampaignConfigName may be empty per the SKILL spec, step 6: 'If the parent campaign was *existing* ..., write the real campaign ID directly and drop the sentinel'), parent_name will be the empty string. The log line will read 'creating ad set 'X' under ...' with a trailing 'under '. Also, the subsequent state append uses `select(.configName == $parent)` with parent_name='' and will silently match no campaign in state, so the ad set succeeds at the API but is NEVER recorded in .admanage-state/campaigns.json. That is a real data-tracking bug (see separate finding), but the misleading log itself is also a maintainability issue.

Recommendation

Derive parent_name for logging from the resolved campaign_id (reverse lookup in NAME_TO_ID or state) when the payload supplies campaignId directly, or fall back to a literal string like '(existing campaign $campaign_id_in_payload)'.

GPT-5

postprocess-admanage-create: ad sets with only campaignId (no parentCampaignConfigName) are not written to state

high · bug · high
  • scripts/postprocess-admanage-create.sh:121-123
  • scripts/postprocess-admanage-create.sh:126-143
  • scripts/postprocess-admanage-create.sh:166-171
The script allows an ad-set payload to include a direct campaignId without a parentCampaignConfigName. In that case, parent_name is empty and the state update selects no campaign (select(.configName == $parent)), so the created ad set is never appended to .admanage-state/campaigns.json. This contradicts the stated purpose of appending new ad-set IDs and can lead to duplicate provisioning on subsequent runs because state does not reflect reality.

Recommendation

When parentCampaignConfigName is absent, derive the parent for state updates by: (a) reverse-mapping campaignId to configName from STATE_FILE (build an ID->configName map alongside NAME_TO_ID), or (b) store ad sets under the campaignId key in state when configName is unavailable. Alternatively, require parentCampaignConfigName for all ad-set payloads and skip with an explicit error if missing.

The agreement

Both frontier models flagged this within the same line range. AntFleet's unanimous gate fired — the finding posted on the PR. Closed in 4b9b492.
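
The silent no-match both reviews describe can be reproduced with a few lines of jq. This is an added example, not the project's script or the fix in 4b9b492; the state layout (`campaigns[]` entries with `configName`, `id` and `adSets`), the function names and the sample IDs are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration. The state layout is an ASSUMPTION, not the project's schema.
# Constructed sample state: one campaign known by both configName and id.
STATE='{"campaigns":[{"configName":"spring-sale","id":"c_100","adSets":[]}]}'

# Pattern from the findings: the parent is matched only by configName.
# With parent="" the select() matches nothing, jq still exits 0, and the
# state comes back unchanged, so the new ad set is never recorded.
append_by_name() {  # args: state parent_name adset_id
  printf '%s' "$1" | jq -c --arg parent "$2" --arg adset "$3" \
    '(.campaigns[] | select(.configName == $parent) | .adSets) += [$adset]'
}

# Hardened variant (hypothetical): match by configName when it is present,
# otherwise by campaign id, and exit non-zero when no campaign matched
# instead of returning the state untouched.
append_checked() {  # args: state parent_name campaign_id adset_id
  printf '%s' "$1" | jq -c --arg parent "$2" --arg cid "$3" --arg adset "$4" '
    def is_parent:
      if $parent != "" then .configName == $parent else .id == $cid end;
    if any(.campaigns[]; is_parent)
    then (.campaigns[] | select(is_parent) | .adSets) += [$adset]
    else error("no campaign matches parent=\($parent) campaignId=\($cid)")
    end'
}

# Total number of ad sets recorded across all campaigns in a state document.
count_adsets() {  # args: state
  printf '%s' "$1" | jq '[.campaigns[].adSets[]] | length'
}

# Demo: an ad-set payload that carried campaignId only (empty parent name).
echo "match by name only: $(count_adsets "$(append_by_name "$STATE" "" "as_1")") recorded"
echo "match by name or id: $(count_adsets "$(append_checked "$STATE" "" "c_100" "as_1")") recorded"
```

Because `append_checked` returns jq's non-zero exit status when nothing matched, a caller can stop or log the unrecorded ad set rather than continuing with stale state.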

The fix

121 cfg_name=$(echo "$payload" | jq -r '.name')
122 parent_name=$(echo "$payload" | jq -r '.parentCampaignConfigName // empty')
123 campaign_id_in_payload=$(echo "$payload" | jq -r '.campaignId // empty')

Closure

Closed 1 week ago

SHA: 4b9b49251c8c9808bf147d55aa2930352af2e8c0
