{"slug": "i-merged-348-prs-here-are-the-11-bugs-that-tested-my-sanity", "title": "I Merged 348 PRs. Here Are The 11 Bugs That Tested My Sanity.", "summary": "A developer named Aniruddha Adak, a final-year computer science student, merged 348 pull requests across dozens of repositories. He shared 11 critical bugs he encountered in modern AI and web frameworks, including cross-platform issues in Graph RAG tool cognee and AI framework openclaw, where Windows users faced OS errors due to long file paths and symlink test failures. Adak fixed these by automatically prefixing Windows paths and restructuring symlink tests to respect Windows environment paths.", "body_md": "Hey. I am Aniruddha Adak.\n\nA final year computer science student coding from a hostel room in West Bengal.\n\nTwo years ago, I was staring at a blank terminal. I was trying to understand how Git actually worked. I was terrified of merge conflicts.\n\nToday, I am looking back at 348 merged pull requests across dozens of repositories.\n\nOpen source completely changed how I write code.\n\nBut for the DEV Summer Bug Smash, I do not want to talk about the easy wins. I want to share a real *Smash Story*.\n\nI want to talk about the chaos.\n\nHere are the 11 critical bugs across modern AI and web frameworks that forced me to become a better software engineer.\n\nBugs in open source rarely look like simple syntax errors. They look like complete system failures.\n\nWhile contributing to advanced Graph RAG tools like `cognee`\n\nand AI frameworks like `openclaw`\n\n, I noticed a silent killer.\n\nMost maintainers build on Unix systems. They use Mac. They use Linux.\n\nWindows users are often left in the dark.\n\n🐞 In `cognee`\n\n, users were facing a chaotic `OS Error 3`\n\n. Windows was struggling with long file paths during dataset context resolution. It completely broke the local database integration.\n\nI dove into the LanceDB integration and wrote a fix to automatically prefix Windows paths. This bypassed the legacy path limits.\n\n[fix(lancedb): automatically prefix windows paths to resolve OS Error 3 for long paths (fixes #2941) #3123]posted on[aniruddhaadak80]Closes #2941\n\nThis PR automatically normalizes and prefixes absolute Windows paths for the vector_db_url when using local filesystem storage. This resolves OS Error 3 triggered by LanceDB subprocesses when generating long file paths for persisting vector data on Windows.\n\n🦟 The exact same thing was happening in `openclaw`\n\n. The install tests were failing exclusively on Windows machines. I restructured the symlink tests to respect Windows environment paths.\n\n[test: make install-safe-path symlink tests compatible with Windows #90275]posted on[aniruddhaadak80]## Summary\n\n- Run the existing install-path symlink boundary tests on Windows when directory junctions are supported.\n- Use Windows junctions for directory links while preserving\n`dir`\n\nsymlinks elsewhere.- Keep production install-path behavior unchanged.\n- Treat temporary-directory or cleanup failures in the capability probe as unsupported test environments instead of failing module import.\n## Linked context\n\nNo linked issue. This is a test portability improvement for existing install-path boundary coverage.\n\n## Real behavior proof\n\n- Behavior addressed: Three install-safe-path symlink boundary tests were unconditionally skipped on Windows.\n- Real environment tested: Native Windows Azure VM (\n`Standard_D4ads_v6`\n\n) through Crabbox.- Exact steps or command run after this patch:\n`node scripts/run-vitest.mjs src/infra/install-safe-path.test.ts`\n\n- Evidence after fix: Native Windows console output from Crabbox lease\n`cbx_be4230e2069c`\n\n, run`run_0fb83e164185`\n\n:\n\n```\nRUN  v4.1.8 C:/repo/openclaw\n\n✓ infra src/infra/install-safe-path.test.ts (24 tests) 525ms\n\nTest Files  1 passed (1)\nTests       24 passed (24)\n```\n\n- Observed result after fix: The directory-junction cases executed successfully on native Windows instead of being skipped by platform.\n- What was not tested: No end-user install flow was exercised because the patch changes tests only.\n- Proof limitations or environment constraints: The tests still skip when the host cannot create directory links.\n- Before evidence: Current\n`main`\n\nuses`it.runIf(process.platform !== \"win32\")`\n\nfor all three cases.## Tests and validation\n\n`node scripts/run-vitest.mjs src/infra/install-safe-path.test.ts`\n\n`node scripts/run-oxlint.mjs src/infra/install-safe-path.test.ts`\n\n- Native Windows Crabbox: 24/24 tests passed\n- Blacksmith Testbox\n`tbx_01kv72nvfyz4fgpny8cyn48xfr`\n\n:`pnpm check:changed`\n\n`.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main`\n\n## Risk checklist\n\n- Did user-visible behavior change? No\n- Did config, environment, or migration behavior change? No\n- Did security, auth, secrets, network, or tool execution behavior change? No\n- Highest-risk area: Windows directory-link capability detection in the test harness.\n- Mitigation: Capability-gated execution plus direct native-Windows proof.\n## Current review state\n\n- Next action: Refresh CI on the rebased head and merge when required checks pass.\n- Addressed review comments: Temporary directory creation and cleanup are contained by the probe; module-level probing remains intentional because Vitest evaluates\n`skipIf`\n\nduring test declaration.\n\nAI agents are powerful. But they are incredibly fragile when they receive unexpected data.\n\n🦗 In the `hermes-agent`\n\nrepository, I found a bug where the system would panic if an API returned an empty response. I implemented a fix to handle `None`\n\nresponses gracefully from the ACP permission requests.\n\n[fix(permissions): handle None response from ACP request_permission #13457]posted on[aniruddhaadak80]## What does this PR do?\n\nThis PR hardens the ACP ? Hermes permission-approval bridge by safely handling an unexpected None result from equest_permission, preventing attribute errors and defaulting to a safe deny.\n\n## Related Issue\n\nFixes #13449\n\n## Type of Change\n\n- [x] ?? Bug fix (non-breaking change that fixes an issue)\n- [ ] ? New feature (non-breaking change that adds functionality)\n- [ ] ?? Security fix\n- [ ] ?? Documentation update\n- [x] ? Tests (adding or improving test coverage)\n- [ ] ?? Refactor (no behavior change)\n- [ ] ?? New skill (bundled or hub)\n## Changes Made\n\n- Return \"deny\" when equest_permission resolves to None in the approval callback.\n- Add a unit test covering the None response case to ensure the callback denies safely.\n## How to Test\n\n- Connect via an ACP client that sends an empty response to permission requests.\n- Verify the permission is denied rather than throwing an exception.\n## Checklist\n\n## Code\n\n- [x] I've read the Contributing Guide\n- [x] My commit messages follow Conventional Commits\n- [x] I searched for existing PRs to make sure this isn't a duplicate\n- [x] My PR contains only changes related to this fix/feature (no unrelated commits)\n- [x] I've run pytest tests/ -q and all tests pass\n- [x] I've added tests for my changes (required for bug fixes, strongly encouraged for features)\n- [x] I've tested on my platform\n## Documentation & Housekeeping\n\n- [x] I've updated relevant documentation (README, docs/, docstrings) � or N/A\n- [x] I've updated cli-config.yaml.example if I added/changed config keys � or N/A\n- [x] I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows � or N/A\n- [x] I've considered cross-platform impact (Windows, macOS) per the compatibility guide � or N/A\n- [x] I've updated tool descriptions/schemas if I changed tool behavior � or N/A\n\nBack in `cognee`\n\n, I tackled two more critical architecture flaws.\n\n🪳 First, the graph engine was initializing before the dataset context was actually ready. This order dependency bug caused random failures. I rewired the visualization logic to wait for resolution.\n\n[fix(visualize): resolve dataset context before initializing graph engine #3114]posted on[aniruddhaadak80]Closes #3007\n\nCurrently, visualize_graph() initializes the graph engine without any dataset context, falling back to the default empty graph database instead of the actual per-dataset database where cognify writes. This fix matches the dataset resolution logic in search() by resolving datasets via get_authorized_existing_datasets and providing the dataset UUID to get_unified_engine().\n\n🪰 Second, I found a vulnerability where global settings were exposed and public registration was left wide open. I locked it down.\n\n[fix(security): restrict global settings and disable public registration #3115]posted on[aniruddhaadak80]Closes #3084\n\nThis PR addresses the security vulnerabilities reported in #3084:\n\n- Requires superuser privileges for POST /api/v1/settings to prevent global configuration takeover.\n- Fully masks LLM and VectorDB API keys in GET /api/v1/settings to prevent leaking key prefixes.\n- Adds a COGNEE_PUBLIC_REGISTRATION_ENABLED environment variable to allow administrators to disable public self-registration.\n\nThe most intense debugging sessions happened inside `Tracer-Cloud/opensre`\n\n.\n\nI spent weeks clearing out a lineup of database logic errors and QA edge cases. These were the kinds of bugs that only show up under heavy load or specific cloud configurations.\n\nI shipped five separate pull requests to stabilize their systems.\n\n🪲 *Batch 2 Edge Cases:* I expanded the database logic to catch unhandled state changes.\n\n[fix: Database logic expansion for QA Edge Cases (Batch 2) #626]posted on[aniruddhaadak80]_build_database_directive() has been expanded exponentially to train the AI to parse red herrings, distinguish between dual fault symptoms versus single root causes, infer missing Storage metrics organically, ignore healthy oscillating traffic metrics, and trace WAL replication lags adequately.\n\n🐛 *Batch 3 Edge Cases:* I patched another layer of database failures.\n\n[fix: Database logic expansion for QA Edge Cases (Batch 3) #627]posted on[aniruddhaadak80]Resolves #606, resolves #607, resolves #608, resolves #609, resolves #610. Expands the\n\n`_build_database_directive()`\n\nfunction to correctly train the LLM to identify Compositional Faults (treating simultaneous CPU and Storage constraints as independent sources while filtering out connection bounds), infer replication lag from bare WAL metrics despite missing Replica metrics, accurately ignore historical maintenance distractions via timestamps, identify stale autoscaling recovery, and distinguish VACUUM-driven Checkpoint Storms.\n\n🦗 *RDS Testing:* I corrected broken testing environment directives for their relational databases.\n\n[fix: Database directives for RDS QA testing #625]posted on[aniruddhaadak80]Resolves #598 and #599 by supplying the agent with specific database directives that inform the RCA logic of standard scenarios like Connection Exhaustion and Free Storage exhaustion.\n\n🪳 *Validation Status:* I fixed a critical bug by including `eks_*`\n\nkeys so the system could correctly identify a healthy state.\n\n[Fix: Include eks_* keys in _INVESTIGATED_EVIDENCE_KEYS for is_clearly_healthy (Fixes #582) #617]posted on[aniruddhaadak80]Fixes #582\n\n## Type of Change\n\n- [x] Bug fix (non-breaking change which fixes an issue)\n- [ ] New feature (non-breaking change which adds functionality)\n- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)\n- [ ] This change requires a documentation update\n## What changed and why\n\nThe\n\n`is_clearly_healthy()`\n\nshort-circuit relies on the presence of keys in`_INVESTIGATED_EVIDENCE_KEYS`\n\nto verify that an investigation collected evidence. This set was missing all Kubernetes / EKS keys. Because of this gap, investigations finding pure-Kubernetes workloads in a healthy state missed the short-circuit and incorrectly ran the root cause LLM.This PR adds the missing EKS investigation keys (\n\n`eks_pods`\n\n,`eks_events`\n\n,`eks_deployments`\n\n,`eks_node_health`\n\n,`eks_pod_logs`\n\n) to`_INVESTIGATED_EVIDENCE_KEYS`\n\n.\n\nNote: This relies on the changes from #581 where the EKS mappers populate these keys in`state[\"evidence\"]`\n\n.## Testing steps with evidence\n\n- Added parameterized unit tests in\n`tests/nodes/root_cause_diagnosis/test_evidence_checker.py`\n\n.- Tested the\n`is_clearly_healthy`\n\nfunction directly, ensuring pure-EKS healthy configurations return`True`\n\n, mixed outputs return`True`\n\n, and an unhealthy`state`\n\ncorrectly blocks it returning`False`\n\n.## Impact analysis\n\nBackward Compatibility:Yes, fully compatible.Breaking Changes:None. This saves redundant reasoning LLM tokens and time.## AI-Assisted Contribution\n\n- [x] I have reviewed every line of code.\n- [x] I understand the logic.\n- [x] I have tested edge cases.\n- [x] I have verified the code matches the project conventions.\n\n🐜 *Synthetic QA:* I resolved an alerting classification bug so healthy alerts were no longer flagged as broken.\n\n[fix(synthetic-qa): Identify healthy alerts correctly (#596) #618]posted on[aniruddhaadak80]This PR fixes the\n\n`000-healthy`\n\nsynthetic-qa failure (Fixes: #596).## Cause:\n\n- The LLM extraction step was classifying 'healthy' and scheduled checks (which have severity 'info' and state 'normal') as\n`is_noise=True`\n\n.- Even if it bypassed noise extraction, the LLM was assuming it didn't need to gather investigation metrics because the alert explicitly said the database was normal, leading to an empty sequence of actions. This empty sequence caused the\n`is_clearly_healthy`\n\nfunction to loop infinitely because condition 4 requires at least one investigative operation.## Fix:\n\nNoise Extraction: Updated`app/nodes/extract_alert/extract.py`\n\nprompt to explicitly state that informational states and health checks are NOT noise.Planner Prompt Guidance: Updated`app/nodes/plan_actions/build_prompt.py`\n\nto ensure the agent MUST still query relevant monitoring platforms for verification when it identifies informational or healthy states.Planner Code Guard: Added a code-level guard in`app/nodes/plan_actions/node.py`\n\nto fall back and force at least one verification action if the LLM returns an empty plan to prevent infinite insufficient_evidence loops.Evidence Consistency: Fixed EKS evidence truthiness check in`app/nodes/root_cause_diagnosis/evidence_checker.py`\n\nto correctly evaluate via`is not None`\n\n.Cleanup: Removed accidentally committed`pr_body.md`\n\ntemplate.\n\nSometimes the most annoying bugs are the ones the user stares at directly.\n\n🪰 In `openclaw`\n\n, the configuration wizard would just look broken if a user had no skills set up. It was a blank void. I jumped into the frontend and built an empty state notice to guide the user forward.\n\n[fix(skills): show empty state notice in config wizard #85032]posted on[aniruddhaadak80]## Summary\n\n- Rebase the skills wizard empty-state fix onto current\n`main`\n\n.- Show an explicit all-ready note when skill setup has no missing dependencies to install.\n- Add localized title copy and focused regression coverage.\n## Real behavior proof\n\nBehavior addressed:\n\n`setupSkills()`\n\ncould show the status summary, ask to configure skills, and then exit without any next-step note when every non-blocked skill was already eligible and no requirements were missing. Real environment tested: local OpenClaw source checkout on macOS, Node/pnpm repo runtime, with a temporary`OPENCLAW_HOME`\n\nand the production skills status/setup path exercised directly through`node --import tsx`\n\n. Exact steps or command run after this patch:`OPENCLAW_HOME=$(mktemp -d) TMP_WS=$(mktemp -d) node --import tsx --input-type=module`\n\nprobe that builds real workspace skill status, disables the few missing non-blocked local skills to create the all-ready state, then calls`setupSkills()`\n\nwith a recording prompter. Evidence after fix:\n\n```\n{\n  \"disabledMissingSkills\": [\n    \"qqbot-channel\",\n    \"qqbot-media\",\n    \"qqbot-remind\"\n  ],\n  \"finalNote\": {\n    \"title\": \"All skills ready\",\n    \"message\": \"No missing skill dependencies to install.\\nTo inspect available skills, run: openclaw skills list --verbose\\nTo check skill status, run: openclaw skills check\"\n  }\n}\n```\n\nObserved result after fix: the wizard emits an\n\n`All skills ready`\n\nnote with`openclaw skills list --verbose`\n\nand`openclaw skills check`\n\n, does not show dependency multiselect, and does not call the installer. What was not tested: no manual interactive terminal wizard session; the direct probe exercises the production setup path with a recording prompter, and the focused test covers the exact prompter calls.## Verification\n\n`pnpm test src/commands/onboard-skills.test.ts`\n\n`pnpm check:test-types`\n\n`git diff --check`\n\n- Auto Review: clean, no accepted/actionable findings.\n\nSmashing these 11 bugs taught me a few golden rules.\n\n1️⃣ *Test your paths.* Never assume everyone is running Linux.\n\n2️⃣ *Expect the null.* AI agents will eventually receive empty data. Build fallbacks.\n\n3️⃣ *Small steps matter.*\n\nI started my journey writing simple Python scripts in repositories like `100LinesOfPythonCode`\n\n. Those tiny commits gave me the confidence to dive into massive AI architectures and cloud database logic.\n\n✅ Every single merge represents a puzzle solved.\n\n✅ Every PR is a conversation with a maintainer.\n\n✅ Every bug smashed is a step forward in my engineering journey.\n\nIf you want to talk about open source, Python, or AI systems, feel free to connect with me.\n\n*This is a submission for DEV's Summer Bug Smash: Smash Stories powered by Sentry.*\n\nLet us keep creating in the open.", "url": "https://wpnews.pro/news/i-merged-348-prs-here-are-the-11-bugs-that-tested-my-sanity", "canonical_source": "https://dev.to/aniruddhaadak/i-merged-348-prs-here-are-the-11-bugs-that-tested-my-sanity-1ne8", "published_at": "2026-07-15 07:56:07+00:00", "updated_at": "2026-07-15 08:29:12.320634+00:00", "lang": "en", "topics": ["developer-tools", "artificial-intelligence"], "entities": ["Aniruddha Adak", "cognee", "openclaw", "LanceDB", "Windows", "Unix", "Mac", "Linux"], "alternates": {"html": "https://wpnews.pro/news/i-merged-348-prs-here-are-the-11-bugs-that-tested-my-sanity", "markdown": "https://wpnews.pro/news/i-merged-348-prs-here-are-the-11-bugs-that-tested-my-sanity.md", "text": "https://wpnews.pro/news/i-merged-348-prs-here-are-the-11-bugs-that-tested-my-sanity.txt", "jsonld": "https://wpnews.pro/news/i-merged-348-prs-here-are-the-11-bugs-that-tested-my-sanity.jsonld"}}