Description
commit_speculative_tier (native.rs) silently accepts any Err variant in committed speculative results, including a theoretical ToolError::ConfirmationRequired. The invariant that confirmation-required tools are never speculatively dispatched is enforced at try_dispatch time, but there is no machine-checkable assertion at the commit boundary.
Recommended fix
Add a `debug_assert!` (or an explicit `if cfg!(debug_assertions)` guard) in `commit_speculative_tier` after `if let Err(ref e) = result`:

```rust
// Debug-only check at the commit boundary: a committed speculative result must
// never carry ConfirmationRequired, since such tools are filtered at try_dispatch.
#[cfg(debug_assertions)]
if matches!(e, zeph_tools::ToolError::ConfirmationRequired) {
    tracing::error!("invariant violated: committed speculative result is ConfirmationRequired");
}
```
This makes the invariant explicit and catchable in debug builds without runtime cost in release.
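A minimal model of the proposed commit-boundary check, as an added example rather than the project's own code; the `ToolError` shape, the `Result<String, ToolError>` result type and the `commit_speculative_tier` signature are assumptions:

```rust
/// Assumed error shape; only the ConfirmationRequired variant matters here.
#[derive(Debug, Clone, PartialEq)]
pub enum ToolError {
    ConfirmationRequired,
    Failed(String),
}

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Invariant {
    Ok,
    Violated,
}

/// The invariant at the commit boundary: a committed speculative result may be
/// any error except ConfirmationRequired, because confirmation-required tools are
/// supposed to be rejected earlier, at try_dispatch time.
pub fn check_commit_invariant(result: &Result<String, ToolError>) -> Invariant {
    match result {
        Err(ToolError::ConfirmationRequired) => Invariant::Violated,
        _ => Invariant::Ok,
    }
}

/// Commits one tier of speculative results. In debug builds a violation panics
/// through debug_assert!; in release builds the check compiles away entirely,
/// so the boundary check costs nothing on the hot path.
pub fn commit_speculative_tier(
    results: Vec<Result<String, ToolError>>,
) -> Vec<Result<String, ToolError>> {
    for r in &results {
        debug_assert!(
            check_commit_invariant(r) == Invariant::Ok,
            "invariant violated: committed speculative result is ConfirmationRequired"
        );
    }
    results
}

/// Counts violations without panicking; useful when the caller wants to log
/// and continue instead of aborting (the tracing::error! style above).
pub fn count_violations(results: &[Result<String, ToolError>]) -> usize {
    results
        .iter()
        .filter(|r| check_commit_invariant(r) == Invariant::Violated)
        .count()
}
```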
Environment