Disagreement · 18907f89-anthropic-3

`notify` immediate-delivery dedup writes hash before delivery is confirmed, causing silent message loss when sandbox blocks curl

solo Opus

repo 6f7fc663·PR #31·reviewed 1 week ago

Opus finding

`notify` immediate-delivery dedup writes hash before delivery is confirmed, causing silent message loss when sandbox blocks curl

mediumdata-losshigh

.github/workflows/aeon.yml:226-236
.github/workflows/aeon.yml:553-562

The notify script writes the hash to .notify-sent-hashes BEFORE attempting delivery. If Claude calls ./notify but all transports fail (sandbox blocks curl — the documented reason for the .pending-notify/ fallback), the message is saved to .pending-notify/<TS>.md AND the hash is in the dedup file. In the post-run 'Send pending notifications' step, the hash check then skips redelivery because the hash is already in HASH_FILE, so the message is permanently dropped. The comment says 'Dedup against messages already sent by ./notify inline' but the hash file does not record whether delivery actually succeeded.

Recommendation

Only append the hash to HASH_FILE when DELIVERED=true (move the `printf '%s\n' "$HASH" >> $HASH_FILE` to after the success block). Alternatively, track delivered hashes in a separate file from attempted hashes.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗