AntFleet

Anatomy · eba8958d-0

ConfigAssistantPanel error path leaves user message in history with no assistant reply and no rollback

low · bug
repo df3ede3f · PR #2 · reviewed 1 week ago

The vulnerable code

app/src/components/channels/mcp/ConfigAssistantPanel.tsx:41-78

Code snippet unavailable.

The reasoning

Opus

ConfigAssistantPanel error path leaves user message in history with no assistant reply and no rollback

low · bug · high
  • app/src/components/channels/mcp/ConfigAssistantPanel.tsx:41-78
On a failed configAssist call, the user message is already appended to messages and the input is cleared. The error is shown, but the user has no way to retry without re-typing — and on the next send the failed user message is still included in the history sent to the server, with no assistant turn in between. This violates the request/response shape that most LLM endpoints expect (alternating user/assistant) and can confuse the backend or the next call's history validation.

Recommendation

Either (a) roll back the user message on failure, or (b) keep it but allow a retry that does not re-append the same user message. Optionally restore the input text on error so the user can edit/retry.

GPT-5

Output unavailable for this row.

The agreement

Both frontier models flagged this within the same line range. AntFleet's unanimous gate fired — the finding posted on the PR.

Closure
