AntFleet

Disagreement · 034f209b-anthropic-1

Opt-in route does not catch flipPublicReceiptForRepo failures — DB error becomes unhandled 500

solo Opus
repo e24ef98c·PR #9·reviewed 1 week ago

Opus finding

Opt-in route does not catch flipPublicReceiptForRepo failures — DB error becomes unhandled 500

mediumbughigh
  • apps/web/app/api/opt-in/route.ts:63-68
  • apps/web/app/api/opt-in/route.ts:99-119
handleOptIn explicitly wraps deps.recordEvent in try/catch and has a corresponding test ("does not 5xx if recordEvent throws"), but the preceding deps.flipReceipt call is awaited without any error handling. If the DB is briefly unavailable (Neon cold start, transient network blip), the user gets an unstyled Next 500 page rather than the carefully-designed errorPage HTML used for every other failure mode. Worse, the user has no way to know whether the flip succeeded — they may re-click, which is safe per design (idempotent flip), but the UX deviates sharply from the rest of the route. The test that establishes 'flip already happened, audit miss is non-fatal' shows the design intent was to be tolerant of DB issues; that intent is not realized for the primary write.

Recommendation

Wrap the flipReceipt await in try/catch and return htmlResponse(503, errorPage('Temporary issue', '...try again in a minute, or email agent@antfleet.dev')); also log via logWarn('optin.flip_failed', ...).

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →
← back to all disagreementsview public receiptssee unanimous findings + anatomies →
Tweet ↗