[H7] Attended-consent MessageBoxW awaited inside agent main loop -> up to ~60s of no heartbeats/stop processing #21

Open
opened 2026-06-05 17:35:54 -07:00 by azcomputerguru · 0 comments

Severity: High

Component(s): agent

Affected file(s):

  • agent/src/session/mod.rs

Problem:
The attended-consent MessageBoxW is .await'ed inside the agent main loop, so for up to ~60s the agent processes no heartbeats, status, or stop signals.

Recommended fix:
Drive consent off the main loop via a task that owns only the response send.

Remediation phase: P3

From the 2026-06-05 three-way review (Claude+Gemini+Grok) — see reports/review-2026-06-05/SYNTHESIS-three-way.md (finding H7) and REMEDIATION-PLAN.md (P3).

**Severity:** High **Component(s):** agent **Affected file(s):** - `agent/src/session/mod.rs` **Problem:** The attended-consent `MessageBoxW` is `.await`'ed inside the agent main loop, so for up to ~60s the agent processes no heartbeats, status, or stop signals. **Recommended fix:** Drive consent off the main loop via a task that owns only the response send. **Remediation phase:** P3 From the 2026-06-05 three-way review (Claude+Gemini+Grok) — see reports/review-2026-06-05/SYNTHESIS-three-way.md (finding H7) and REMEDIATION-PLAN.md (P3).
azcomputerguru added the severity:highcomponent:agentsecurity labels 2026-06-05 17:35:54 -07:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: azcomputerguru/guru-connect#21