AntFleet

Disagreement · 219fd253-openai-2

Inconsistent API base paths and owner scoping may confuse clients

solo GPT-5
repo a16d2030·PR #3·reviewed 1 week ago

GPT-5 finding

Inconsistent API base paths and owner scoping may confuse clients

mediumapi-contracthigh
  • gitlawb/references/api-reference.md:32-37
  • gitlawb/references/api-reference.md:43-44
  • gitlawb/references/api-reference.md:72-75
  • gitlawb/references/api-reference.md:102-106
  • gitlawb/references/api-reference.md:50-57
The docs mix endpoints under /api/v1 with root-scoped endpoints (/repos for Git Smart HTTP, /tasks, /health, /peers, /ipfs). Additionally, Git Smart HTTP paths omit {owner} even though other repo endpoints include owner/name. Without an explicit routing convention, clients may construct incorrect URLs or be unable to disambiguate repositories by owner.

Recommendation

Document the base path conventions clearly: which resources live under /api/v1 versus root, and why. For Git Smart HTTP, clarify whether {owner} is required in the path (e.g., /repos/{owner}/{name}/git-receive-pack) or if {name} is globally unique on the node. If both forms are supported, provide explicit examples for each. Consider aligning all JSON API endpoints under /api/v1 and reserving root for Git Smart HTTP only.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

← back to all disagreementsview public receiptssee unanimous findings + anatomies →
Tweet ↗