AntFleet

Disagreement · 1ea5c6c4-anthropic-1

deploy-watcher Vercel API call uses projectId but interpolates project slug

mismatch
repo 6f7fc663·PR #13·reviewed 1 week ago

Primary finding

deploy-watcher Vercel API call uses projectId but interpolates project slug

mediumbughigh
  • templates/deploy-watcher/SKILL.md:22-33
The replace token is named VERCEL_PROJECT and the row in TEMPLATE.md describes it as the Vercel 'project' (typically the slug). However the URL passes it as `projectId=...`. Vercel's v6 /deployments endpoint accepts `projectId` (the prj_... id) OR `app` (the slug/name). Passing a slug as projectId returns empty results without an error, so the skill will silently report zero deploys and never alert. This is a real correctness defect for any operator using the obvious slug value.

Recommendation

Use `app=$PROJECT` for slug, or rename the token to VERCEL_PROJECT_ID and document that it must be the prj_… id. Alternatively branch: if PROJECT starts with `prj_` use projectId, else use app.

Counterpart finding

Optional Vercel TEAM_ID is treated as required in error handling text

lowdocs-gaphigh
  • templates/deploy-watcher/SKILL.md:14-16
  • templates/deploy-watcher/SKILL.md:17
The text first marks VERCEL_TEAM_ID as optional, but then says to exit if either secret is missing, which implies TEAM_ID is required. This is confusing for operators.

Recommendation

Clarify that only VERCEL_TOKEN is required. If TEAM_ID is absent, proceed in user scope. Update the line to: "If VERCEL_TOKEN is missing, log DEPLOY_WATCH_NO_TOKEN and exit cleanly."

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

← back to all disagreementsview public receiptssee unanimous findings + anatomies →
Tweet ↗