AntFleet

Disagreement · 5a1afff9-openai-4

Assumes API responses are valid JSON; --argjson and jq parsing can fail, dropping result files and masking errors

solo GPT-5
repo 6f7fc663·PR #33·reviewed 1 week ago

GPT-5 finding

Assumes API responses are valid JSON; --argjson and jq parsing can fail, dropping result files and masking errors

medium · build-release · high
  • scripts/postprocess-admanage-create.sh:95-97
  • scripts/postprocess-admanage-create.sh:101-103
  • scripts/postprocess-admanage-create.sh:119-121
  • scripts/postprocess-admanage-create.sh:165-166
  • scripts/postprocess-admanage-create.sh:167-169
  • scripts/postprocess-admanage-create.sh:198-200
If curl returns a non-JSON response (e.g., HTML error page, 502 proxy), jq parsing fails. With pipefail but no `set -e`, variables become empty and --argjson consumes invalid JSON, causing jq to exit non-zero and produce no results file, reducing observability. Errors then get partially swallowed.

Recommendation

Validate response before jq parsing: if `jq -e . >/dev/null 2>&1` fails, treat resp as opaque text. Use `--arg resp "$resp"` (string) instead of `--argjson` when invalid. Always write a results file even when resp is non-JSON. Consider capturing HTTP status via `-w` and `--fail` in curl.
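
One way to implement the recommendation above, as an added example that is not part of the GPT-5 finding or the reviewed repository. The function names `fetch` and `write_result` and the output field names are assumptions, and the validity check is `jq -se 'length == 1'`, a stricter stand-in for `jq -e .` that also accepts a literal `null` or `false` body.

```shell
#!/bin/sh
# Added example. Function names, field names and paths are hypothetical,
# not taken from scripts/postprocess-admanage-create.sh.

# fetch URL BODYFILE: save the body to BODYFILE, print the HTTP status.
# --fail is left out so an error body is still kept for the results file.
fetch() {
  local status
  status=$(curl -sS --max-time 30 -o "$2" -w '%{http_code}' "$1") || status=000
  printf '%s' "$status"
}

# write_result STATUS RESP OUTFILE: always writes OUTFILE.
# Returns 0 only for a 2xx status with a parseable JSON body.
write_result() {
  local status="$1" resp="$2" outfile="$3" parsed=false
  # -s slurps every value in the input; exactly one value means --argjson
  # will accept it. Empty bodies and HTML error pages fail this check.
  if printf '%s' "$resp" | jq -se 'length == 1' >/dev/null 2>&1; then
    parsed=true
    jq -n --arg status "$status" --argjson resp "$resp" \
      '{http_status: $status, parsed: true, response: $resp}' > "$outfile"
  else
    # Non-JSON: pass the body as a string so jq cannot fail on it.
    jq -n --arg status "$status" --arg resp "$resp" \
      '{http_status: $status, parsed: false, raw: $resp}' > "$outfile"
  fi
  case "$status" in
    2??) [ "$parsed" = true ] ;;
    *)   return 1 ;;
  esac
}
```

The non-zero return lets the caller fail the job while the results file still records the status and raw body.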

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
