AntFleet

Disagreement · 54ec06bb-anthropic-3

Onboarder summary may double-fire across retries (no idempotency guard)

solo Opus
repo e24ef98c · PR #11 · reviewed 1 week ago

Opus finding

Onboarder summary may double-fire across retries (no idempotency guard)

medium · bug · medium
  • apps/web/lib/review-worker.ts:245-264
  • apps/web/lib/review-worker.ts:240-245
The comment says runFirstReviewSummary self-gates on first-review-only. If a review attempt fails AFTER runFirstReviewSummary succeeds (e.g. postPRComment throws on a 503), the row goes to pending_retry. On the next retry the entire processClaimedRow runs again — including runFirstReviewSummary. Whether this double-fires depends entirely on the onboarder's internal idempotency. The PR slice does not expose that code so the guarantee is unverifiable here, but the worker should defensively skip the onboarder call (and/or check a flag) when processingAttempts > 1. As written this is a foot-gun for partner-visible duplicate onboarding messages.

Recommendation

Either (a) move the onboarder call to AFTER successful comment posting + lifecycle persist so it runs at most once per successful review, or (b) document the idempotency contract that runFirstReviewSummary must satisfy and add a unit test pinning it.
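
An added illustration of the retry path in the finding and of recommendation (a), not part of the Opus finding or of the reviewed repository. It is a constructed TypeScript model: the function names come from the finding, while the `Onboarder` class, the retry loop and the one-time 503 fault are assumptions, and the onboarder is assumed to have no internal idempotency guard. Lifecycle persistence is left out to keep the model small.

```typescript
// Constructed model of the retry flow; not AntFleet's or the reviewed repo's code.
type Row = { id: string; processingAttempts: number; status: "pending_retry" | "done" };

// Hypothetical onboarder with NO internal idempotency guard (worst case).
class Onboarder {
  sent: string[] = [];
  runFirstReviewSummary(rowId: string): void { this.sent.push(rowId); }
}

// Constructed fault: postPRComment throws a 503 on its first call only.
function makePostPRComment(): (rowId: string) => void {
  let calls = 0;
  return (_rowId) => { if (++calls === 1) throw new Error("503 Service Unavailable"); };
}

type Handler = (row: Row, ob: Onboarder, post: (id: string) => void) => void;

// Order described in the finding: summary first, comment posting second.
const summaryFirst: Handler = (row, ob, post) => {
  ob.runFirstReviewSummary(row.id);
  post(row.id);
};

// Recommendation (a): summary only after the comment was posted successfully.
const summaryAfterPost: Handler = (row, ob, post) => {
  post(row.id);
  ob.runFirstReviewSummary(row.id);
};

// Minimal retry loop: a throw sends the row back to pending_retry.
function runWithRetries(handler: Handler, maxAttempts = 3): number {
  const row: Row = { id: "row-1", processingAttempts: 0, status: "pending_retry" };
  const ob = new Onboarder();
  const post = makePostPRComment();
  while (row.status === "pending_retry" && row.processingAttempts < maxAttempts) {
    row.processingAttempts++;
    try { handler(row, ob, post); row.status = "done"; }
    catch { row.status = "pending_retry"; }
  }
  return ob.sent.length; // number of onboarding summaries the partner would see
}
```

With the constructed 503, `runWithRetries(summaryFirst)` sends two summaries and `runWithRetries(summaryAfterPost)` sends one.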

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
