Build graph metadata from analyzed revisions#19
Merged
rs545837 merged 1 commit intoMay 22, 2026
Conversation
|
@Iron-Ham is attempting to deploy a commit to the rs545837's projects Team on Vercel. A member of the Team first needs to authorize it. |
There was a problem hiding this comment.
inspect review
Triage: 28 entities analyzed | 0 critical, 0 high, 16 medium, 12 low
Verdict: standard_review
Findings (5)
- [low] In
materialize_tree_source, the function callsobject.peel_to_tree()which can fail if the object is not a commit or tree. For a commit SHA, this should first peel to commit then get the tree. The current code will fail for commit SHAs. - [low] In
analyze_with_options, the destructuring ofAnalysisContextincludes_source_treewhich is prefixed with underscore to indicate it's unused, but this field must be kept alive for the lifetime ofsource_rootsince it's aTempDir. If_source_treeis dropped early, the temporary directory will be deleted whilesource_rootstill references it, causing file read failures. - [low] In
predict_with_options, the same issue exists where_source_treefromAnalysisContextis destructured but the code doesn't show it being kept alive. Thectx.source_rootis used later to read files, but if_source_tree(theTempDir) is dropped, those file reads will fail. - [low] In
analyze_with_options, the_source_treefield is destructured but never used, and the TempDir will be dropped immediately after destructuring, causing the temporary directory to be deleted whilesource_rootstill points to it. This will cause file read failures whencollect_dependent_codetries to read fromsource_root. - [low] In
predict_with_options, the_source_treefield is destructured fromctxbut the destructuring is not shown in the diff. If it follows the same pattern asanalyze_with_options, the TempDir will be dropped immediately, causing the temporary directory to be deleted whilectx.source_rootis still being used to read file contents.
Reviewed by inspect | Entity-level triage found 0 high-risk changes
059e851 to
8cd0da7
Compare
There was a problem hiding this comment.
inspect review
Triage: 28 entities analyzed | 0 critical, 0 high, 16 medium, 12 low
Verdict: standard_review
Findings (6)
- [low] Resource leak: TempDir in AnalysisContext is stored but never explicitly cleaned up. The _source_tree field is prefixed with underscore suggesting it's intentionally unused, but TempDir needs to be kept alive for the duration of the analysis. If AnalysisContext is dropped before all file reads complete, the temporary directory will be deleted while still in use.
- [low] Destructuring pattern doesn't use _source_tree field, causing premature TempDir cleanup. In analyze_with_options, the AnalysisContext is destructured but _source_tree is extracted and immediately dropped. This will delete the temporary directory before dependent_code collection tries to read files from source_root.
- [low] Same TempDir premature cleanup issue in predict_with_options. The ctx.source_root is used to read files but the TempDir that owns that directory is not kept alive, leading to use-after-free of the temporary directory.
- [low] Destructuring pattern doesn't bind _source_tree, causing premature TempDir cleanup. In analyze_with_options, the AnalysisContext is destructured but _source_tree is extracted and immediately dropped. This will delete the temporary directory before dependent_code collection tries to read files from source_root.
- [low] Same TempDir premature cleanup issue in predict_with_options. The ctx is moved and _source_tree is extracted but not kept alive, causing the temporary directory to be deleted before file reads in the loop that processes dependents.
- [low] Use-after-move error in predict_with_options: ctx is moved in the destructuring pattern, but then ctx.source_root is accessed later in the loop. This will cause a compilation error.
Reviewed by inspect | Entity-level triage found 0 high-risk changes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #12
Test plan