McRitchie Studio
Say Hi 👋
Agents Builders
← All Tasks
Sizing

Fix retro heroku-run escaping

Archived
fix-retro-heroku-run-escaping

Created

Jun 23, 20:01

Started

Jun 23, 20:58

Completed

Jun 23, 21:51

DevOps handoff

Type

Bug

Shape

backend

Worktree Slug

fix-retro-heroku-run-escaping

Repositories

mcritchie-studio

Release Train

Branch

feat/fix-retro-heroku-run-escaping

Pull Request

https://github.com/amcritchie/mcritchie-studio/pull/134

Local URL

QA URL

Production URL

tooling devops

Acceptance Criteria

  • retro answers JSON survives heroku run intact
  • retro renders on PROD board not only local
  • payload passed shell-safe via base64 env or stdin

Expected Test Plan

  • unit
  • integration

Checks Run

  • [unit] retro_record_ruby passes payload as Base64, not raw JSON
  • [unit] quotes/parens/&&/pipes/backticks round-trip through encode/decode
  • [unit] empty answers survive (JSON::ParserError repro)
  • [integration] retro CLI flow decodes answers from Base64 payload
  • [integration] full bin/rails test green (1281 runs, 0 failures)

Agent Context

Found by dogfooding bin/release retro on rel-20260623-ba72f5 right after shipping #130. The conductor helper interpolates the answers JSON as an escaped Ruby string into 'rails runner "..."' and runs it via heroku run; heroku run's arg handling eats the \" escaping so the remote receives mangled JSON. Two repros on PROD board: (a) answers with parens -> remote bash 'syntax error near unexpected token (' ; (b) EVEN empty answers -> JSON::ParserError 'got worked:[],riction:[],ollowups:' (quotes + leading f eaten). Tests passed because they hit Release::Retro directly + the local CLI path, never the real heroku-run quoting round-trip. Fix: stop string-interpolating the payload into rails runner; pass it shell-safe — base64-encode the JSON and decode remotely, or via ENV, or stdin — and add a test that exercises the actual conductor/heroku-run command construction. Same shell-boundary class as the post-deploy --exit-code/Shellwords findings.

Stage Timeline

Who handled each stage, the time it took (measured), and the model / tokens / cost reported (best-effort) — plus who's on it right now. means the agent didn't report that metric.

  1. Created Designed
    G Gyarados
    Gyarados
    Model
    Duration
    Tokens
    Cost
    Completed Jun 23, 20:01 · 4 days ago
    api
  2. Designed Building
    G Gyarados
    Gyarados
    Model
    claude-opus-4-8
    Duration
    about 1 hour
    Tokens
    Cost
    Started Jun 23, 20:01
    Completed Jun 23, 20:58 · 4 days ago
    cli
  3. Building Submitted
    G Gyarados
    Gyarados
    Model
    claude-opus-4-8
    Duration
    8 minutes
    Tokens
    4,410,997
    Cost
    ~$3.28
    Started Jun 23, 20:58
    Completed Jun 23, 21:06 · 4 days ago
    cli
  4. Submitted Reviewed
    C Carl
    Carl primary
    S Shannon
    Shannon light
    Model
    claude-opus-4-8
    Duration
    8 minutes
    Tokens
    Cost
    Started Jun 23, 21:06
    Completed Jun 23, 21:15 · 4 days ago
    cli
  5. Reviewed Assembled
    S Steffon
    Steffon
    Model
    Duration
    under a minute
    Tokens
    Cost
    Started Jun 23, 21:15
    Completed Jun 23, 21:16 · 4 days ago
  6. Assembled Shipped
    A Avi
    Avi
    Model
    Duration
    36 minutes
    Tokens
    Cost
    Started Jun 23, 21:16
    Completed Jun 23, 21:51 · 4 days ago
  7. Shipped Archived
    Model
    Duration
    about 6 hours
    Tokens
    Cost
    Started Jun 23, 21:51
    Completed Jun 24, 03:44 · 3 days ago

Conversation

QA review feedback, agent handoffs, and follow-up notes for this task.

QA Feedback avi 4 days ago

2-senior PASS: jasper (HEAVY) approve — Base64 round-trip exact for quotes/parens/&&/pipes/backticks/unicode/newlines/60KB, urlsafe never line-wraps, survives bash -c reparse; other conductor callers untouched (slug-shaped .inspect only); fail-first genuine (4 RED pre-fix), tests assert command construction. alex-docs (LIGHT) approve — stale 'safe inspected literal' comment replaced. DEFERRED non-blocking nits: one vacuous refute_includes("worked":) assertion (real guards are the &&/pipe/Base64 ones); add require 'base64' to the remote snippet defensively; Base64 ~33% size inflation (fine for real retro text).

Sealed-bid sizing

Edit →

Alex (PM)

Avi (PO)

Dev

Actual