AntFleet

Disagreement · 1a8e53aa-openai-0

Undefined FORK_DEFAULT_BRANCH used when fetching fork aeon.yml

mismatch
repo 6f7fc663 · PR #21 · reviewed 1 week ago

Primary finding

Undefined FORK_DEFAULT_BRANCH used when fetching fork aeon.yml

high · bug · high
  • skills/contributor-spotlight/SKILL.md:108-110
  • skills/contributor-spotlight/SKILL.md:86-89
The spec later uses ${FORK_DEFAULT_BRANCH} in the ref query param but never assigns it. Although default_branch is written to a JSON file, it is not exported into an environment variable. Using an empty ref may cause the GitHub API call to fail or return unexpected content, breaking enabled-skill detection.

Recommendation

Extract default_branch from /tmp/contrib-repo.json and set FORK_DEFAULT_BRANCH before use, e.g.:

`FORK_DEFAULT_BRANCH=$(jq -r '.default_branch // ""' /tmp/contrib-repo.json)`

Then only add `?ref=${FORK_DEFAULT_BRANCH}` if non-empty; otherwise omit `ref` so the API uses the default branch.
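The recommendation above as a runnable shell sketch. This is an added example, not code from the contributor-spotlight SKILL.md under review or from the PR; it assumes `jq` is installed, takes the metadata file path as a parameter instead of hard-coding /tmp/contrib-repo.json, and uses a constructed sample repo (`octo/fork`) rather than real data. It shows the two cases the finding cares about: a known default branch becomes a `?ref=` parameter, and a missing or null `default_branch` leaves the parameter out instead of sending `?ref=`.

```bash
#!/usr/bin/env bash
# Added example (not the SKILL.md's own code). Assumes jq is available and that
# the fork's GitHub repo metadata has been saved as JSON at the path passed in.

# Read default_branch from the saved repo JSON. Prints an empty string when the
# field is absent or null, instead of the literal "null" that a plain
# `jq -r .default_branch` would print.
fork_default_branch() {
  jq -r '.default_branch // ""' "$1"
}

# Build the contents-API URL for aeon.yml in the fork ($1 is owner/repo).
# ?ref= is appended only when a branch name is known: an empty ref would send
# ".../aeon.yml?ref=", while omitting it lets GitHub use the default branch.
aeon_yml_url() {
  local full_name="$1" branch="${2:-}"
  local url="https://api.github.com/repos/${full_name}/contents/aeon.yml"
  if [ -n "$branch" ]; then
    url="${url}?ref=${branch}"
  fi
  printf '%s\n' "$url"
}

# Given repo metadata JSON on the command line, write it to a temp file (as the
# spec does), set FORK_DEFAULT_BRANCH from it, and print the resulting URL.
url_for_repo_json() {
  local tmp full_name
  tmp="$(mktemp)"
  printf '%s\n' "$1" > "$tmp"
  full_name="$(jq -r '.full_name' "$tmp")"
  FORK_DEFAULT_BRANCH="$(fork_default_branch "$tmp")"
  rm -f "$tmp"
  aeon_yml_url "$full_name" "$FORK_DEFAULT_BRANCH"
}

# Constructed sample metadata (not a real fork).
url_for_repo_json '{"full_name":"octo/fork","default_branch":"main"}'
url_for_repo_json '{"full_name":"octo/fork","default_branch":null}'
url_for_repo_json '{"full_name":"octo/fork"}'
```

Running it prints the `?ref=main` URL once and the bare URL twice; the point is that the variable is assigned from the same JSON the spec already writes, and that the query parameter is conditional on it.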

Counterpart finding

Override fork path skips the 4-week dedup check, allowing repeated weekly features

low · bug · high
  • skills/contributor-spotlight/SKILL.md:102-108
  • skills/contributor-spotlight/SKILL.md:240-244
The Constraints section states the 4-week dedup is invariant ("Even if the same fork is the top POWER candidate two weeks running, rotate"). However, the override branch in step 3 only checks bucket membership; it does not consult `contributor-spotlight-history.json`. An operator (or scheduled run with a sticky `var`) can re-feature the same fork every week, violating the documented constraint and the dedup history's purpose. This is also a maintainability/contract gap because the spec is internally inconsistent.

Recommendation

Either (a) apply the 4-week dedup to the override path as well and emit `SPOTLIGHT_BAD_OVERRIDE: recently featured` when violated, or (b) explicitly document that override bypasses dedup and add a warning in the article/notification.
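Option (a) above, the dedup gate applied to the override path, as an added shell example. It is not code from the SKILL.md or the PR, and the layout of `contributor-spotlight-history.json` is an assumption: a JSON array of `{"fork": "owner/repo", "featured_on": "YYYY-MM-DD"}` entries. It also assumes `jq` is installed, takes the "today" date as a parameter so it runs deterministically, and uses constructed sample history entries. The gate emits the `SPOTLIGHT_BAD_OVERRIDE: recently featured` token the finding suggests and fails when the override names a fork featured inside the 4-week (28-day) window.

```bash
#!/usr/bin/env bash
# Added example (not the SKILL.md's own code). Assumes jq is available.
# History format is an assumption: [{"fork": "owner/repo", "featured_on": "YYYY-MM-DD"}, ...]

# Succeed (exit 0) if fork $2 has a history entry dated within $4 days
# (default 28 = the spec's 4 weeks) before $3. A missing history file is
# treated as empty history, i.e. nothing has been featured yet.
recently_featured() {
  local history="$1" fork="$2" today="$3" window_days="${4:-28}"
  [ -f "$history" ] || return 1
  jq -e --arg fork "$fork" --arg today "$today" --argjson window "$window_days" '
    (($today + "T00:00:00Z") | fromdateiso8601) as $now
    | any(.[];
          (.fork == $fork)
          and ((($now - ((.featured_on + "T00:00:00Z") | fromdateiso8601)) / 86400) < $window))
  ' "$history" > /dev/null
}

# Dedup gate for the override path: prints the error token from the finding and
# returns 1 when the override would re-feature a fork inside the window.
check_override() {
  local history="$1" fork="$2" today="$3"
  if recently_featured "$history" "$fork" "$today"; then
    printf 'SPOTLIGHT_BAD_OVERRIDE: recently featured\n'
    return 1
  fi
  printf 'override ok: %s\n' "$fork"
}

# Constructed sample history (not real data).
SAMPLE_HISTORY="$(mktemp)"
cat > "$SAMPLE_HISTORY" <<'EOF'
[
  {"fork": "octo/fork-a", "featured_on": "2024-05-06"},
  {"fork": "octo/fork-b", "featured_on": "2024-03-25"}
]
EOF

check_override "$SAMPLE_HISTORY" octo/fork-a 2024-05-13 || true   # blocked: featured 7 days ago
check_override "$SAMPLE_HISTORY" octo/fork-b 2024-05-13            # allowed: 49 days ago
check_override "$SAMPLE_HISTORY" octo/fork-c 2024-05-13            # allowed: never featured
```

The same `recently_featured` check is what the POWER-candidate rotation already needs, so wiring it into the override branch keeps the "4-week dedup is invariant" constraint true for both paths rather than documenting an exception.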

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →