Reject invalid Kimi K2 timestamps#1916
Conversation
|
Codex review: needs maintainer review before merge. Reviewed July 6, 2026, 12:15 PM ET / 16:15 UTC. Summary Reproducibility: yes. Source inspection shows current main accepts positive numeric timestamps without finite or upper-bound checks, and the PR proof exercises the public fetcher with invalid timestamp fixtures. Review metrics: none identified. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Land the focused timestamp parser hardening after exact-head CI completes, preserving valid Unix seconds and milliseconds while falling back on invalid numeric timestamps. Do we have a high-confidence way to reproduce the issue? Yes. Source inspection shows current main accepts positive numeric timestamps without finite or upper-bound checks, and the PR proof exercises the public fetcher with invalid timestamp fixtures. Is this the best way to solve the issue? Yes. The patch changes the existing timestamp helper and deterministic test seam without changing provider routing, credentials, stored settings, or user-facing defaults. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 8479841c1622. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (1 earlier review cycle)
|
f582004 to
6dca54a
Compare
|
Maintainer proof for exact head
The contributor branch was rebased onto current |
Summary
DateProduction-path proof
A source-blind executable linked against
CodexBarCoreexercised the public fetcher through an isolated HTTP transport. It verified distinct seconds and milliseconds values, the exact cutoff, non-finite and extreme finite input, and unchanged credit totals:No live credentials, provider traffic, or Keychain access were used.
Testing
swift test --disable-sandbox --filter KimiK2UsageFetcherTests(10 passed)make check(SwiftFormat clean; SwiftLint 0 violations)make test(48/48 shards passed)git diff --check