Reject non-finite Kimi K2 usage values#1915
Conversation
|
Codex review: needs maintainer review before merge. Reviewed July 6, 2026, 4:33 AM ET / 08:33 UTC. Summary Reproducibility: yes. from source inspection: current main's Kimi K2 double(from:) accepts Double and Double(String) values without finite checks, so NaN or Infinity can propagate into the usage summary. I did not run local tests because this review was read-only. Review metrics: none identified. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Next step before merge
Security Review detailsBest possible solution: Land the focused finite-value guard after required CI and maintainer review, keeping malformed or non-finite Kimi K2 numeric inputs on the existing zero/nil fallback path. Do we have a high-confidence way to reproduce the issue? Yes from source inspection: current main's Kimi K2 double(from:) accepts Double and Double(String) values without finite checks, so NaN or Infinity can propagate into the usage summary. I did not run local tests because this review was read-only. Is this the best way to solve the issue? Yes; putting the finite check in the shared double(from:) parser covers JSON values and the header fallback with one narrow change, and the transport seam matches existing provider-test patterns. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 76a63dc55939. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (1 earlier review cycle)
|
750db3f to
909b415
Compare
|
Landed as Maintainer verification:
The regression uses an in-memory transport through the public fetch path; no live credentials or Keychain access were used. |
Summary
Production-path proof
The regression test calls the public fetcher with an in-memory HTTP response containing non-finite JSON values and a non-finite
X-Credits-Remainingfallback. It verifies the request authorization header and the resulting zero-or-nil fallback. No live credentials are used.Testing
swift test --disable-sandbox --filter KimiK2UsageFetcherTests(7 passed)make test(all 48 shards passed)make check(SwiftFormat clean; SwiftLint 0 violations)git diff --check909b415a751eb7e34af141a8a8db80e989442219