Skip to content

Reject invalid Kimi K2 timestamps#1916

Merged
steipete merged 2 commits into
steipete:mainfrom
joeVenner:fix/kimi-k2-invalid-timestamps
Jul 6, 2026
Merged

Reject invalid Kimi K2 timestamps#1916
steipete merged 2 commits into
steipete:mainfrom
joeVenner:fix/kimi-k2-invalid-timestamps

Conversation

@joeVenner

@joeVenner joeVenner commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Summary

  • reject non-finite, non-positive, and out-of-range Kimi K2 numeric timestamps
  • preserve valid Unix seconds and milliseconds, including the exact millisecond cutoff
  • fall back to the refresh time instead of constructing an unusable Date
  • make fallback-time regression coverage deterministic and add changelog credit

Production-path proof

A source-blind executable linked against CodexBarCore exercised the public fetcher through an isolated HTTP transport. It verified distinct seconds and milliseconds values, the exact cutoff, non-finite and extreme finite input, and unchanged credit totals:

PASS seconds
PASS milliseconds
PASS cutoff
PASS nonfinite
PASS extreme
RESULT PASS 5/5

No live credentials, provider traffic, or Keychain access were used.

Testing

  • swift test --disable-sandbox --filter KimiK2UsageFetcherTests (10 passed)
  • make check (SwiftFormat clean; SwiftLint 0 violations)
  • make test (48/48 shards passed)
  • autoreview clean (0.97 confidence)
  • git diff --check

@clawsweeper

clawsweeper Bot commented Jul 5, 2026

Copy link
Copy Markdown

Codex review: needs maintainer review before merge. Reviewed July 6, 2026, 12:15 PM ET / 16:15 UTC.

Summary
The branch hardens Kimi K2 numeric timestamp parsing, adds deterministic parser tests, and updates the unreleased changelog.

Reproducibility: yes. Source inspection shows current main accepts positive numeric timestamps without finite or upper-bound checks, and the PR proof exercises the public fetcher with invalid timestamp fixtures.

Review metrics: none identified.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • none.

Risk before merge

  • [P1] Exact-head CI was still partly queued or in progress when inspected; that is ordinary merge gating rather than a patch defect.

Maintainer options:

  1. Decide the mitigation before merge
    Land the focused timestamp parser hardening after exact-head CI completes, preserving valid Unix seconds and milliseconds while falling back on invalid numeric timestamps.
  2. Pause or close
    Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

  • [P2] No repair lane is needed; the open PR is the implementation candidate and only ordinary maintainer review plus required CI completion remains.

Security
Cleared: The diff only changes Kimi K2 parser validation, focused tests, and a changelog entry; no concrete security or supply-chain concern was found.

Review details

Best possible solution:

Land the focused timestamp parser hardening after exact-head CI completes, preserving valid Unix seconds and milliseconds while falling back on invalid numeric timestamps.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows current main accepts positive numeric timestamps without finite or upper-bound checks, and the PR proof exercises the public fetcher with invalid timestamp fixtures.

Is this the best way to solve the issue?

Yes. The patch changes the existing timestamp helper and deterministic test seam without changing provider routing, credentials, stored settings, or user-facing defaults.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 8479841c1622.

Label changes

Label justifications:

  • P2: This is a bounded Kimi K2 provider-parser correctness fix with limited blast radius.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes copied live output from a source-blind executable linked against CodexBarCore exercising the public fetcher through isolated HTTP transport.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes copied live output from a source-blind executable linked against CodexBarCore exercising the public fetcher through isolated HTTP transport.
Evidence reviewed

What I checked:

Likely related people:

  • steipete: Peter Steinberger introduced the numeric timestamp parser in history and authored the latest timestamp-hardening commit on this branch. (role: feature-history owner and recent area contributor; confidence: high; commits: fc3670b5363e, 6dca54a5666f; files: Sources/CodexBarCore/Providers/KimiK2/KimiK2UsageFetcher.swift, Tests/CodexBarTests/KimiK2UsageFetcherTests.swift)
  • joeVenner: JoeVenner authored the merged adjacent Kimi K2 finite numeric parsing PR and the first commit on this timestamp PR, so they are connected to the parser hardening path beyond this proposal alone. (role: recent adjacent contributor; confidence: high; commits: b00797537dbf, 963ab0ae537d; files: Sources/CodexBarCore/Providers/KimiK2/KimiK2UsageFetcher.swift, Tests/CodexBarTests/KimiK2UsageFetcherTests.swift)
  • 0-CYBERDYNE-SYSTEMS-0: The original Kimi K2 provider support appears under this author before later parser follow-ups refined the fetcher. (role: introduced provider support; confidence: medium; commits: eade57bfde35; files: Sources/CodexBarCore/Providers/KimiK2/KimiK2UsageFetcher.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
Review history (1 earlier review cycle)
  • reviewed 2026-07-05T16:09:41.251Z sha f582004 :: needs maintainer review before merge. :: none

@clawsweeper clawsweeper Bot added proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P2 Normal priority bug or improvement with limited blast radius. labels Jul 5, 2026
@steipete steipete force-pushed the fix/kimi-k2-invalid-timestamps branch from f582004 to 6dca54a Compare July 6, 2026 16:08
@steipete

steipete commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Maintainer proof for exact head 6dca54a5666fcdcec932eff3cc37555ee8ac14cc:

  • focused Kimi K2 fetcher suite: 10/10 passed
  • source-blind public fetch-path contract: 5/5 passed (seconds, milliseconds, exact cutoff, non-finite, extreme finite; credit totals unchanged)
  • make check: clean (SwiftFormat clean, SwiftLint 0 violations)
  • make test: all 48/48 local shards passed
  • autoreview: clean, no actionable findings (0.97 confidence)
  • exact-head CI: changes, lint, security, Linux x64, and Linux arm64 green
  • hosted macOS: one shard running and three capacity-queued; landing under the documented capacity-only policy backed by the complete local 48-shard run
  • Public Model Identifier Gate: PASS; no model identifiers added or changed
  • dependency freshness: no dependency changes

The contributor branch was rebased onto current main; contributor authorship and changelog credit are preserved.

@steipete steipete merged commit 4fe943f into steipete:main Jul 6, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

P2 Normal priority bug or improvement with limited blast radius. proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants