AntFleet

Disagreement · 6017bf3f-anthropic-6

Synchronous child_process calls block the Node event loop on every request

mismatch
repo 6f7fc663 · PR #25 · reviewed 1 week ago

Primary finding

Synchronous child_process calls block the Node event loop on every request

low · performance · high
  • dashboard/app/api/secrets/route.ts:30-75
  • dashboard/app/api/auth/route.ts:5-12
Every GET/POST/DELETE fans out to multiple synchronous `gh` invocations (auth status, repo detection, secret list). On a multi-user dashboard this serializes all other requests handled by the same Node worker for hundreds of ms per call. The dashboard is described as a local tool, so severity is low, but the comment `// Check if ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN is set` in GET hides that it actually shells out three times.

Recommendation

Use the async `execFile` (promisified) and await it; or batch results behind a short in-memory cache (e.g. 5s TTL) for repo and auth-status checks.
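A sketch of that recommendation, added here as an example and not taken from the reviewed repository: a promisified `execFile` wrapper with a 5s TTL cache that also shares one in-flight call between concurrent requests. The names `createCachedGh`, `runGh` and `Runner` are hypothetical, and the `gh` argument lists in the usage comment are assumptions about what the routes call.

```typescript
import { execFile } from "node:child_process";
import { promisify } from "node:util";

const execFileAsync = promisify(execFile);

// Runs a CLI without a shell and resolves to its trimmed stdout.
type Runner = (cmd: string, args: string[]) => Promise<string>;

const runGh: Runner = async (cmd, args) => {
  // execFile takes an argv array (no shell parsing); the timeout stops a
  // hung `gh` process from holding the request open indefinitely.
  const { stdout } = await execFileAsync(cmd, args, { timeout: 10_000 });
  return stdout.trim();
};

// Hypothetical helper: caches each distinct gh invocation for ttlMs and lets
// concurrent callers share one in-flight promise instead of spawning twice.
function createCachedGh(run: Runner = runGh, ttlMs = 5_000, now: () => number = Date.now) {
  const cache = new Map<string, { expires: number; value: Promise<string> }>();
  return function gh(args: string[]): Promise<string> {
    const key = JSON.stringify(args);
    const hit = cache.get(key);
    if (hit && hit.expires > now()) return hit.value;
    const value = run("gh", args);
    cache.set(key, { expires: now() + ttlMs, value });
    // Never cache failures: a transient error must not stick for the TTL.
    value.catch(() => {
      if (cache.get(key)?.value === value) cache.delete(key);
    });
    return value;
  };
}

// Usage sketch inside a route handler (argument lists are assumptions).
// Only auth-status and repo detection go through the cache; the secret list
// changes on POST/DELETE and should be fetched with runGh directly.
//   const gh = createCachedGh();
//   const [auth, repo] = await Promise.all([
//     gh(["auth", "status"]),
//     gh(["repo", "view", "--json", "nameWithOwner"]),
//   ]);
```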

Counterpart finding

Duplicate gh helper functions across files increases drift risk

low · maintainability · high
  • dashboard/app/api/auth/route.ts:4-11
  • dashboard/app/api/auth/route.ts:13-23
  • dashboard/app/api/auth/route.ts:25-28
  • dashboard/app/api/secrets/route.ts:32-39
  • dashboard/app/api/secrets/route.ts:41-51
  • dashboard/app/api/secrets/route.ts:53-56
Identical helper logic is defined in multiple files, increasing maintenance burden and the risk of inconsistent behavior over time.

Recommendation

Extract shared gh helpers into a common module and import them from both routes.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
