AntFleet two-model review found a durability issue in local config persistence.
Summary
saveConfig writes the full ACP config directly to the final config path. If the process is interrupted or the write fails mid-write, the config file can be left truncated or partial JSON. loadConfig then catches the parse failure and returns an empty config object, making local agent/wallet/job registry state appear to be gone.
Evidence
src/lib/config.ts: saveConfig writes directly to CONFIG_PATHsrc/lib/config.ts: loadConfig catches JSON parse/read failures and returns {}
Impact
A Ctrl-C, OS crash, ENOSPC, or similar interruption during a config write can corrupt the local config. Subsequent commands may report missing active agent or wallet state even though server-side/on-chain records still exist.
Suggested fix
Write config atomically: write to a temporary file in the same directory, fsync if desired, then rename it over the final path. For example, write CONFIG_PATH + ".tmp" with restrictive permissions and then renameSync it to CONFIG_PATH.
It may also be useful for loadConfig to warn when JSON parsing fails instead of silently treating a corrupt config as empty.
Suggested regression test
Start with an existing config file, simulate a write failure during an update, and assert the previous config contents remain intact. After a rename-based fix, the final path should contain either the old complete config or the new complete config, never a partial file.
AntFleet two-model review found a durability issue in local config persistence.
Summary
saveConfigwrites the full ACP config directly to the final config path. If the process is interrupted or the write fails mid-write, the config file can be left truncated or partial JSON.loadConfigthen catches the parse failure and returns an empty config object, making local agent/wallet/job registry state appear to be gone.Evidence
src/lib/config.ts:saveConfigwrites directly toCONFIG_PATHsrc/lib/config.ts:loadConfigcatches JSON parse/read failures and returns{}Impact
A Ctrl-C, OS crash, ENOSPC, or similar interruption during a config write can corrupt the local config. Subsequent commands may report missing active agent or wallet state even though server-side/on-chain records still exist.
Suggested fix
Write config atomically: write to a temporary file in the same directory, fsync if desired, then rename it over the final path. For example, write
CONFIG_PATH + ".tmp"with restrictive permissions and thenrenameSyncit toCONFIG_PATH.It may also be useful for
loadConfigto warn when JSON parsing fails instead of silently treating a corrupt config as empty.Suggested regression test
Start with an existing config file, simulate a write failure during an update, and assert the previous config contents remain intact. After a rename-based fix, the final path should contain either the old complete config or the new complete config, never a partial file.