AntFleet

Disagreement · b1d71d08-anthropic-6

PARENT_REPO via gh api missing auth/error handling — failure silently empties PARENT_OWNER

solo Opus
repo 6f7fc663·PR #24·reviewed 1 week ago

Opus finding

PARENT_REPO via gh api missing auth/error handling — failure silently empties PARENT_OWNER

low · bug · medium
  • skills/fleet-state/SKILL.md:70-76
  • skills/fleet-state/SKILL.md:343-348
If `gh repo view` or `gh api` fails (rate-limit, missing GH_TOKEN, offline run), PARENT_REPO becomes empty and PARENT_OWNER is empty. The subsequent parent-comparison logic ("If the state file's `parent` is set and differs from the resolved `PARENT_REPO` → clear snapshot + history") will treat "" as a different parent and *nuke 12 weeks of history*. This is a data-loss path triggered by a transient API failure. Also note: the constraints section says "never calls gh api on fork repos" but does call gh api on the current repo's nameWithOwner — minor; but a transient failure should not wipe history.

Recommendation

Validate `[ -n "$PARENT_REPO" ]` after the gh call; on failure, log `FLEET_STATE_PARENT_UNRESOLVED` and exit without touching state, OR fall back to the stored parent.
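The guard recommended above, as an added shell example (not part of the finding and not the skill's own code). `plan_parent_action`, `resolve_parent_gh` and `RESOLVE_CMD` are hypothetical names, and the `gh api` query for the fork parent is an assumption about how the lookup could be done.

```shell
#!/bin/sh
# Added example: decide what to do with stored fleet state only after the
# parent lookup has demonstrably succeeded. All function and variable names
# here are hypothetical; the real skill's commands may differ.

# Default resolver (assumption): ask the REST API for the fork's parent.
# Prints "owner/name", or an empty line when no parent is reported.
resolve_parent_gh() {
    gh api "repos/$1" --jq '.parent.full_name // ""'
}

# Resolver is injectable so the logic can be exercised offline.
RESOLVE_CMD=${RESOLVE_CMD:-resolve_parent_gh}

# plan_parent_action STORED_PARENT REPO
# Prints exactly one word on stdout:
#   keep        resolved parent matches the stored one (or nothing is stored)
#   clear       parent really changed; snapshot + history may be reset
#   unresolved  lookup failed or returned nothing; state must not be touched
plan_parent_action() {
    stored=$1
    repo=$2

    # A non-zero exit (rate limit, missing token, offline) and an empty
    # result are both treated as "unknown", never as "a different parent".
    if ! resolved=$("$RESOLVE_CMD" "$repo" 2>/dev/null) || [ -z "$resolved" ]; then
        echo "FLEET_STATE_PARENT_UNRESOLVED repo=$repo" >&2
        echo unresolved
        return 0
    fi

    if [ -n "$stored" ] && [ "$stored" != "$resolved" ]; then
        echo clear
    else
        echo keep
    fi
}
```

A caller would reset snapshot and history only on `clear`, and exit without writing on `unresolved`.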

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.


From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.