AntFleet

Disagreement · 8ff8c1af-anthropic-4

Telemetry flush() swallows all errors silently — data loss with no signal

mismatch
repo 56f59a0d · PR #2 · reviewed 4 days ago

Primary finding

Telemetry flush() swallows all errors silently — data loss with no signal

medium · data-loss · high
  • src/providers/telemetry.ts:195-202
On a failed transaction, the queued metricUpdates/decisionQueue/failureQueue are NOT cleared after rollback. That means they will be retried on next flush, which is OK for retry, BUT: (a) if the failure is deterministic (e.g., bad schema column), the queues grow unbounded forever; (b) the error is completely silent — no console.warn, no logging. Telemetry data loss happens with zero diagnostics. Combined with FLUSH_EVENT_COUNT=10, the queues can grow to memory exhaustion if DB is broken.

Recommendation

Log errors (at least once), and add an upper bound on queue size with a policy to drop the oldest events when the retention threshold is exceeded.
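
A sketch of that recommendation, added here as an example and not taken from the PR or from AntFleet: a queue that keeps failed batches for retry, logs each distinct flush error once, and drops the oldest events past a cap. It assumes a single queue and a synchronous `write` callback standing in for the database transaction; `BoundedTelemetryQueue`, `maxQueue` and `dropped` are hypothetical names.

```typescript
// Added illustration, not the code under review. All names here are hypothetical.
type Writer<T> = (batch: readonly T[]) => void; // throws when the transaction fails

class BoundedTelemetryQueue<T> {
  private events: T[] = [];
  private seenErrors = new Set<string>();
  private write: Writer<T>;
  private maxQueue: number;
  private log: (msg: string) => void;
  dropped = 0;

  constructor(write: Writer<T>, maxQueue: number, log: (msg: string) => void = console.warn) {
    this.write = write;
    this.maxQueue = maxQueue;
    this.log = log;
  }

  enqueue(event: T): void {
    this.events.push(event);
    // Drop-oldest policy: memory stays capped even if every flush fails.
    while (this.events.length > this.maxQueue) {
      this.events.shift();
      this.dropped++;
    }
  }

  get size(): number {
    return this.events.length;
  }

  // Returns true when the batch was persisted (or there was nothing to write).
  flush(): boolean {
    if (this.events.length === 0) return true;
    try {
      this.write(this.events);
      this.events = [];
      this.seenErrors.clear(); // a later failure is reported again
      return true;
    } catch (err) {
      const reason = err instanceof Error ? err.message : String(err);
      // Report each distinct failure once so a deterministic error cannot flood the log.
      if (!this.seenErrors.has(reason)) {
        this.seenErrors.add(reason);
        this.log(`telemetry flush failed, ${this.events.length} queued, ${this.dropped} dropped: ${reason}`);
      }
      return false; // events stay queued for retry, bounded by maxQueue
    }
  }
}
```

Exposing the `dropped` counter gives operators a signal for how much telemetry was lost while the database was unavailable.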

Counterpart finding

Retention policy keeps RETENTION_LIMIT+1 rows (off-by-one)

medium · bug · high
  • src/providers/telemetry.ts:206-214
Using id < (MAX(id) - LIMIT) retains rows with id >= (MAX - LIMIT), which is LIMIT+1 rows due to inclusive range (e.g., keep 50..1050 inclusive when MAX=1050, LIMIT=1000). If the intent is to keep exactly RETENTION_LIMIT rows, the condition should be id <= (MAX - LIMIT).

Recommendation

Use <= instead of <. Example:

    DELETE FROM routing_decisions WHERE id <= (SELECT MAX(id) - ? FROM routing_decisions);
    DELETE FROM failures WHERE id <= (SELECT MAX(id) - ? FROM failures);

Bind RETENTION_LIMIT as a parameter to avoid string interpolation. Optionally, guard NULL MAX with COALESCE.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.


From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.