Problem
Three engine implementation files contain an identical panic message for the same logical condition — an invalid model reaching domain computation after it should have been caught by validation:
pkg/workflow/pi_engine.go:343
pkg/workflow/crush_engine.go:183
pkg/workflow/opencode_engine.go:141
All three contain:
panic(fmt.Sprintf("BUG: invalid model %q reached domain computation (should have been caught by validation): %v", model, err))
Each is triggered by the same call pattern — a call to GetAllowedDomainsForEngineWithModel that returns an error.
Impact
- Copy-paste risk: A future fix to the wording must be applied to three separate files
- Validation gap signal: Each engine individually guards against the same class of programmer error, suggesting model validation is not unified
- Maintenance burden: Adding a fourth engine requires remembering to add the same guard
Recommendation
Option A — Shared panic helper (minimal change):
Introduce a mustGetAllowedDomainsForEngineWithModel(...) wrapper in a shared file that centralizes the panic, and replace all three call sites.
Option B — Upstream validation (better long-term):
Move model validation into the compilation pipeline so an invalid model is caught as an error before reaching any engine-specific code, eliminating the per-engine guard.
Validation
Estimated Effort: Small
Severity: Low
Generated by Sergo — Run §25358281228
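The two options from the recommendation combined in one sketch, as an added example that is not code from the repository: the signature of GetAllowedDomainsForEngineWithModel, its model table, and the names validateModel and compile are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in for the project's function. Its signature and model table are
// assumptions made for this example, not taken from the repository.
func GetAllowedDomainsForEngineWithModel(engine, model string) ([]string, error) {
	known := map[string][]string{ // constructed sample data
		"provider-a/model-1": {"api.provider-a.example"},
	}
	domains, ok := known[model]
	if !ok {
		return nil, errors.New("unknown model")
	}
	return domains, nil
}

// Option B (hypothetical name): validate once in the compile path, return an error.
func validateModel(engine, model string) error {
	if _, err := GetAllowedDomainsForEngineWithModel(engine, model); err != nil {
		return fmt.Errorf("engine %s: invalid model %q: %w", engine, model, err)
	}
	return nil
}

// Option A: the only place that carries the panic message.
func mustGetAllowedDomainsForEngineWithModel(engine, model string) []string {
	domains, err := GetAllowedDomainsForEngineWithModel(engine, model)
	if err != nil {
		panic(fmt.Sprintf("BUG: invalid model %q reached domain computation (should have been caught by validation): %v", model, err))
	}
	return domains
}

// compile (hypothetical) shows the ordering: user-facing error first, must-helper after.
func compile(engine, model string) ([]string, error) {
	if err := validateModel(engine, model); err != nil {
		return nil, err
	}
	return mustGetAllowedDomainsForEngineWithModel(engine, model), nil
}

func main() {
	fmt.Println(compile("pi", "provider-a/model-1"))
	fmt.Println(compile("pi", "no-such-model"))
}
```

With validation ahead of the helper, a bad model surfaces as a returned error and the panic fires only if a code path skips validation.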