Yurii: clavis-telemetry unchecked flush error in tarpit #4

Closed
opened 2026-04-09 04:46:18 +00:00 by johan · 0 comments
Owner

Violation

Per CLAVITOR-AGENT-HANDBOOK.md Part 1:

Mandatory error handling with unique codes:

  • Every if needs an else.

Location

File: clavis/clavis-telemetry/main.go
Function: tarpit() (lines 121-148)

Lines 143-145:

if flusher, ok := w.(http.Flusher); ok {
    flusher.Flush()
}

The Violation

  1. The w.Write() error is properly checked (good!)
  2. But the flusher.Flush() is called without acknowledging it returns no error value
  3. No comment explaining why this is acceptable

While flush errors are less common in tarpit scenarios (deliberately wasting scanner resources), the principle states: "Every if needs an else."

Why This (Minor) Fix Matters

The tarpit is a security feature. We should acknowledge:

  • http.Flusher.Flush() returns no value (can't error per interface)
  • Write error is the primary disconnect signal
  • Add comment explaining this is intentional

Required Fix

if flusher, ok := w.(http.Flusher); ok {
    // Flush has no return value per http.Flusher interface
    // Write error above is the primary signal for client disconnect
    flusher.Flush()
}

Assignment

  • Domain: clavis-telemetry
  • Domain Owner: Hans (per Section I agent mapping)
  • Priority: Low
  • Review by: Yurii (after fix)
hans was assigned by johan 2026-04-09 05:41:54 +00:00
johan closed this issue 2026-04-09 06:34:04 +00:00
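
An added example, not code from clavis-telemetry: a drip loop of the kind the issue discusses, written with `http.ResponseController` (Go 1.20+), whose `Flush` does return an error, so the write, flush and cancellation branches each end in a named outcome. The function name `drip`, the `TARPIT-00x` codes, the chunk budget and the listen address are assumptions.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net/http"
	"time"
)

// Hypothetical outcome codes; the handbook's real codes are not on the page.
const (
	EndBudget    = "TARPIT-001" // every chunk was sent
	EndWrite     = "TARPIT-002" // Write failed: client disconnected
	EndNoFlusher = "TARPIT-003" // writer cannot flush, chunks would only buffer
	EndFlush     = "TARPIT-004" // flush failed on the connection
	EndCancelled = "TARPIT-005" // request context ended
)

// drip sends up to chunks single bytes, one per delay, and reports why it stopped.
func drip(ctx context.Context, w http.ResponseWriter, chunks int, delay time.Duration) string {
	rc := http.NewResponseController(w)
	for i := 0; i < chunks; i++ {
		if _, err := w.Write([]byte(" ")); err != nil {
			return EndWrite
		}
		// Unlike http.Flusher.Flush, ResponseController.Flush returns an error.
		if err := rc.Flush(); errors.Is(err, http.ErrNotSupported) {
			return EndNoFlusher
		} else if err != nil {
			return EndFlush
		}
		select {
		case <-ctx.Done():
			return EndCancelled
		case <-time.After(delay):
		}
	}
	return EndBudget
}

func main() {
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		log.Printf("tarpit ended: %s", drip(r.Context(), w, 30, time.Second))
	})
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil)) // constructed address
}
```

The chunk budget bounds how long each tarpitted connection holds a goroutine on the server side.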