Escalation deadlock risk with shared tokens #29

New Issue

Closed

opened 2026-05-02 06:13:22 +00:00 by rodin · 0 comments

rodin commented 2026-05-02 06:13:22 +00:00

Owner

Copy Link

Copy Source

With shared tokens and parallel CI jobs, a deadlock can occur:

1. sonnet → REQUEST_CHANGES, security → escalates to REQUEST_CHANGES
2. Dev fixes, pushes
3. sonnet wants APPROVED but sees security REQUEST_CHANGES → re-escalates
4. security wants APPROVED but sees sonnet REQUEST_CHANGES → re-escalates

Mitigated by the stale flag (reviews from old commits are skipped), but within the same CI run with parallel jobs, the race is theoretically possible.

Best fix: separate tokens per role (see sister issue). Alternative: don't check siblings at all and let each role post its honest verdict.

With shared tokens and parallel CI jobs, a deadlock can occur: 1. sonnet → REQUEST_CHANGES, security → escalates to REQUEST_CHANGES 2. Dev fixes, pushes 3. sonnet wants APPROVED but sees security REQUEST_CHANGES → re-escalates 4. security wants APPROVED but sees sonnet REQUEST_CHANGES → re-escalates Mitigated by the `stale` flag (reviews from old commits are skipped), but within the same CI run with parallel jobs, the race is theoretically possible. Best fix: separate tokens per role (see sister issue). Alternative: don't check siblings at all and let each role post its honest verdict.

rodin referenced a pull request that will close this issue 2026-05-02 14:07:15 +00:00

fix: remove worst-wins escalation logic #31

rodin closed this issue 2026-05-02 16:46:06 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

ci/cleanup

ci-selfreview-gate

issue-150

issue-157

issue-141

issue-154

review-bot-dev-loop

issue-143

issue-146

pr-153

review-bot-issue-130-work

issue-148

issue-139

issue-137

review-bot-fixes

review-bot-issue-133

review-bot-issue-130

issue-130

github-support

issue-123-work

issue-123

review-bot-issue-120

fix/125-readme-cli-example

issue-125

issue-124

issue-120

feature/github-support

review-bot-issue-116

review-bot-issue-115

review-bot-issue-114

review-bot-issue-96

review-bot-issue-107

review-bot-issue-82

review-bot-issue-95

review-bot-issue-92

review-bot-issue-94

review-bot-issue-81

review-bot-issue-91

review-bot-issue-97

issue-80-c-file-reader

issue-80-b-pr-reader

issue-80-a-client

review-bot-issue-80

review-bot-issue-87

review-bot-issue-79

review-bot-issue-84

review-bot-issue-78

issue-73

issue-70

issue-68

issue-66

issue-64

issue-60-remote-personas

issue-60

issue-57

allow-deps

feat/aicore-provider-v2

issue-51

ci/pr-ready-gate

fix/stale-commit-check

feat/aicore-provider

fix/response-body-truncation

fix/json-repair

fix/sonnet-reviewer

fix/consistent-path-escape

feat/inline-review-comments

feat/6-update-existing-review

fix/19-context-overflow

feat/18-anthropic-api

fix/url-escaping-and-shadow

fix/quick-wins

fix/context-and-encapsulation

docs/code-review-report

ci/release-workflow

v0.4.0

v0.3.2

v0.3.1

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels

ai-review

bug

needs-review

ready

Ready for human review

self-reviewed

Self-review passed since last push

wip

Work in progress - do not start new work on this PR

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

security-review-bot rodin (Rodin)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: rodin/review-bot#29