chore: post-review fixes for PR #66#69
Open
Zireael wants to merge 2 commits into
Open
Conversation
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 7 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/aft-bridge/src/downloader.ts">
<violation number="1" location="packages/aft-bridge/src/downloader.ts:275">
P2: Windows unlink-first strategy can permanently remove the existing binary if renameSync fails after successful unlink</violation>
</file>
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
- Increase GetModuleFileNameW buffer from 260 to 32767 (MAX_UNICODEPATH) to prevent silent truncation on deeply nested Windows paths - Remove unreachable #[cfg(target_os = "windows")] dead code in suggest_removal_command (Windows paths never start with /usr/local/lib) - Remove duplicate PATH scanning loop in CLI onnx.ts (pathEntriesForPlatform() already handles PATH) - Replace mkdirSync side effect in diagnostics.ts with read-only access check (doctor should not mutate filesystem) - Normalize Windows path comparisons to lowercase for case-insensitive matching in bridge onnx-runtime.ts - Add warning logging for NuGet scan failures in bridge onnx-runtime.ts - Fix cubic finding: replace unlink-then-rename with copyFileSync+unlink in downloader.ts to eliminate the window where no binary exists
Zireael
force-pushed
the
fix/pr-66-post-review-fixes
branch
from
82d0a48 to
7a429de
Compare
Contributor
Author
|
Addressed cubic review finding #1 (the unlink-then-rename pattern in downloader.ts): Replaced Verified Branch rebased cleanly onto latest |
There was a problem hiding this comment.
1 issue found across 5 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/aft-bridge/src/downloader.ts">
<violation number="1" location="packages/aft-bridge/src/downloader.ts:275">
P2: Windows temp file cleanup failure can falsely report a successful binary replacement as a download failure</violation>
</file>
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
On Windows, use copyFileSync for the binary replacement (which overwrites the target — renameSync fails with EEXIST). If it fails, the original binary at binaryPath is preserved. The temp file cleanup is now wrapped in its own try/catch so a cleanup failure does NOT propagate as a download failure — the binary was already successfully placed at binaryPath. Addresses PR cortexkit#69 cubic review finding P2.
Contributor
Author
|
Addressed cubic finding P2 (Windows temp file cleanup falsely reporting download failure):
Verified |
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/aft-bridge/src/downloader.ts">
<violation number="1" location="packages/aft-bridge/src/downloader.ts:110">
P2: Cache-hit validation was weakened from verifying the binary's runtime version to trusting path existence alone. Without `isExpectedCachedBinary`, a stale, corrupted, or manually replaced binary in the versioned cache directory will be silently reused.</violation>
</file>
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
| // freshly requested compatible version forever. | ||
| if (existsSync(binaryPath) && isExpectedCachedBinary(binaryPath, tag)) { | ||
| // Already cached for this version | ||
| if (existsSync(binaryPath)) { |
There was a problem hiding this comment.
P2: Cache-hit validation was weakened from verifying the binary's runtime version to trusting path existence alone. Without isExpectedCachedBinary, a stale, corrupted, or manually replaced binary in the versioned cache directory will be silently reused.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At packages/aft-bridge/src/downloader.ts, line 110:
<comment>Cache-hit validation was weakened from verifying the binary's runtime version to trusting path existence alone. Without `isExpectedCachedBinary`, a stale, corrupted, or manually replaced binary in the versioned cache directory will be silently reused.</comment>
<file context>
@@ -149,10 +106,8 @@ export async function downloadBinary(version?: string): Promise<string | null> {
- // freshly requested compatible version forever.
- if (existsSync(binaryPath) && isExpectedCachedBinary(binaryPath, tag)) {
+ // Already cached for this version
+ if (existsSync(binaryPath)) {
return binaryPath;
}
</file context>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
6 small fixes discovered during code review of PR #66, addressing edge cases and bugs across Rust and TypeScript layers.
Changes
GetModuleFileNameWto prevent silent truncation on deep Windows paths (e.g., long NuGet package paths under%USERPROFILE%)#[cfg(target_os = "windows")]dead code insuggest_removal_command(Windows paths never start with/usr/local/lib)pathEntriesForPlatform()already reads PATH with proper filteringmkdirSyncside effect with read-onlyaccessSynccheck — doctor should not mutate filesystemVerification
tsc --noEmitclean in bothaft-bridgeandaft-clicargo check+cargo clippy -D warningspending (Docker unavailable on this machine — changes are trivially safe: buffer size bump + dead code removal)Supersedes: PR #66
Need help on this PR? Tag
@codesmithwith what you need. Autofix is disabled.Summary by cubic
Post-review hardening for PR #66: improves ONNX Runtime discovery/validation on Windows, makes Windows binary replacement safer and resilient to temp cleanup errors, and keeps diagnostics read-only. Also ensures storage is created during configure. Fixes CI flakes and Windows edge cases across Rust and TypeScript.
onnxruntime.dllearly viaLoadLibraryExW, probe version withGetFileVersionInfoW, and align version gate with macOS/Linux (crates/aft/src/semantic_index.rs).GetModuleFileNameWbuffer to 32767 (crates/aft/src/semantic_index.rs).packages/aft-bridge/src/onnx-runtime.ts,packages/aft-cli/src/lib/onnx.ts).copyFileSync(tmp, target)then best‑effortunlinkSync(tmp)so cleanup failures don’t fail the download; keep POSIX flow aschmodSync+ atomicrenameSync(packages/aft-bridge/src/downloader.ts).fs::create_dir_alland warn on failure (crates/aft/src/commands/configure.rs).mkdirSyncside effect with a read-onlyaccessSynccheck; no filesystem mutations (packages/aft-cli/src/lib/diagnostics.ts).crates/aft/src/semantic_index.rs).Written for commit 663851b. Summary will update on new commits.
Review in cubic