Skip to content

fix: add missing local declarations in cmd_transition to prevent cross-contamination #967

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
marcusquinn merged 1 commit into from
Feb 10, 2026
Merged

fix: add missing local declarations in cmd_transition to prevent cross-contamination #967

marcusquinn merged 1 commit into from
Feb 10, 2026

Conversation

@marcusquinn
Copy link
Owner

@marcusquinn marcusquinn commented Feb 10, 2026

Summary

  • Adds local declarations for session_id, worktree, branch, log_file, and pr_url in cmd_transition()
  • These 5 variables were assigned in the case block without local, causing them to leak into the shell's global scope
  • When the pulse cycle calls cmd_transition() in a loop for multiple tasks, stale values from a previous call would be picked up by ${branch:-} / ${pr_url:-} checks and written to unrelated tasks' DB rows

Root Cause

This was the root cause of all PR cross-contamination we've been tracking:

Why t232 didn't catch it

The centralized link_pr_to_task() (t232) validates PR ownership when called explicitly. But cmd_transition() has its own --pr-url flag that writes directly to the DB — and the stale global variable caused it to silently pass a wrong PR URL without going through validation.

One-line fix

# Before (line 1695):
local task_id="" new_state="" error_msg=""

# After (lines 1695-1696):
local task_id="" new_state="" error_msg=""
local session_id="" worktree="" branch="" log_file="" pr_url=""

Verification

  • ShellCheck passes (no new violations)
  • The local keyword ensures variables are scoped to the function and reset to empty on each call
  • Subsequent calls without --branch/--pr-url will correctly see empty values and skip the DB update

@marcusquinn
fix: add missing local declarations in cmd_transition to prevent cros…
4ea5ff4 
…s-contamination

The session_id, worktree, branch, log_file, and pr_url variables in
cmd_transition() were not declared as local. When the pulse cycle calls
cmd_transition() in a loop for multiple tasks, these variables leaked
between calls via the shell's global scope. A call with --branch or
--pr-url would set the global, and subsequent calls without those flags
would still see the stale value via ${branch:-} / ${pr_url:-} checks,
overwriting unrelated tasks' DB rows.

This was the root cause of all PR cross-contamination (6 historical
duplicates, plus ongoing backlog-19 contamination where PR #962 was
linked to 5 unrelated tasks).
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 10, 2026

Warning

Rate limit exceeded

@marcusquinn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 20 minutes and 54 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch bugfix/cmd-transition-variable-scoping

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link

github-actions bot commented Feb 10, 2026

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 36 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Tue Feb 10 18:25:14 UTC 2026: Code review monitoring started
Tue Feb 10 18:25:15 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 36

📈 Current Quality Metrics

  • BUGS: 0
  • CODE SMELLS: 36
  • VULNERABILITIES: 0

Generated on: Tue Feb 10 18:25:17 UTC 2026

Generated by AI DevOps Framework Code Review Monitoring

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 10, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@marcusquinn marcusquinn merged commit 45b1692 into main Feb 10, 2026
10 checks passed
@gemini-code-assist
Copy link

gemini-code-assist bot commented Feb 10, 2026

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@marcusquinn marcusquinn mentioned this pull request Feb 10, 2026
Merged
@github-actions github-actions bot mentioned this pull request Feb 11, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marcusquinn