Disagreement · 5bbcd2d3-openai-1

Implicit mention detection uses incorrect regex; device suffix not stripped from JIDs

solo GPT-5

repo 5149da9d·PR #3·reviewed 2 days ago

GPT-5 finding

Implicit mention detection uses incorrect regex; device suffix not stripped from JIDs

mediumbughigh

src/web/auto-reply/monitor/group-gating.ts:121-123

The pattern /:\d+/ in a regex literal matches a colon followed by a literal backslash and one or more 'd' characters, not digits. This fails to strip the ":<digits>" device suffix (e.g., ":1"). As a result, implicitMention may be false when reply-to sender equals self except for differing device suffixes.

Recommendation

Use a correct digit-matching pattern, ideally anchored to the end: replace(/:\d+$/, ""). This reliably removes a trailing ":<digits>" device suffix for both selfJid and replySenderJid. Alternatively, parse JIDs via a helper that normalizes device suffixes.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

highbug
Allowlist comparisons use normalized lists but compare against unnormalized candidates (can mis-block/allow DMs/groups)
view anatomy →

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗