AntFleet

Disagreement · cdf9ffa0-openai-2

Daily spend cap circuit breaker fails open if spend API returns invalid/empty JSON

mismatch
repo 6f7fc663·PR #4·reviewed 1 week ago

Primary finding

Daily spend cap circuit breaker fails open if spend API returns invalid/empty JSON

medium · bug · high
  • scripts/postprocess-admanage.sh:55-69
If `SPEND_RESP` is non-JSON (or `jq` fails), `TODAY_SPEND` becomes empty. The AWK comparison then evaluates an invalid expression (`" >= <cap>"`), awk exits non-zero, and the `if` branch never fires. The script proceeds to launch despite an unknown, possibly over-cap, spend state. A circuit breaker should fail closed for safety.

Recommendation

Harden parsing: default `TODAY_SPEND` to a safe numeric value and fail closed on parse errors. Example: `parsed=$(echo "$SPEND_RESP" | jq -er '.metadata.totalSpend' 2>/dev/null || echo '__ERR__')`; if `[ "$parsed" = '__ERR__' ]`, block launches with a warning; otherwise compare numerically using `bc` or `awk` with explicit numbers. Alternatively, treat any fetch/parse failure as over-cap and exit.

Counterpart finding

Spend cap message uses literal `${TODAY_SPEND}` interpolation that double-prefixes dollar signs and is shell-fragile

low · maintainability · high
  • scripts/postprocess-admanage.sh:72
The escape `\$${TODAY_SPEND}` is intended to render a literal `$` followed by the value, but if TODAY_SPEND were ever empty/whitespace (e.g., from a failed jq filter), the message renders as `today=$ cap=$50` which is confusing. Combined with the silent failure mode above, the operator gets a misleading number rather than a hard error.

Recommendation

Build the message with printf and only after validating both values are numeric.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
