fix: rollback artifacts after manifest append failures

[ThomasK33]

Summary

• Roll back screenshot PNGs and snapshot JSON artifacts when manifest append fails after the artifact write/rename succeeds.
• Add centralized appendArtifactWithRollback(...) manifest registration so default in-session artifacts share one rollback path.
• Extend rollback handling to default record exports while preserving explicit --out files if internal manifest append fails.
• Add unit coverage for screenshot/snapshot rollback, record-export rollback wiring, explicit --out preservation, and direct helper behavior.

Fixes #79.

Validation

• mise run ci
• npx vitest run test/unit/commands/record-export.test.ts test/unit/commands/screenshot.test.ts test/unit/commands/snapshot.test.ts test/unit/storage/artifactStorage.test.ts test/unit/screenshot/capture.test.ts test/unit/snapshot/capture.test.ts
• npm run typecheck
• npm run lint
• npm run format:check

Dogfooding

• Not applicable: this is a storage rollback fix covered by unit tests and CI; no rendered-output behavior changed.

---

Generated with mux • Model: openai:gpt-5.5 • Thinking: high

[ThomasK33]

/coder-agents-review

[coder-agents-review]

The rollback logic is clean and correctly placed. Both paths track artifact creation with the right granularity (path for screenshot, boolean for snapshot), clean up only what was actually created, and rethrow the original error without masking. Tests use authentic manifest validation failures instead of mocks, which proves the rollback against real production code paths. Pariston systematically tried to build a case against this change and could not.

1 P2 (sibling site), 2 P3, 1 Nit, 1 Note.

The P2 is outside the diff: record-export.ts:374 has the same unprotected write-then-append pattern. Two of three appendArtifact call sites are now protected; one is not.

"I looked for a scenario where the stated problem exists but this fix does not help. The relevant one: appendArtifact succeeds but then something between append and the function return throws. In both screenshot and snapshot paths, there is no code between appendArtifact() and the end of the try block. So this scenario cannot occur." (Pariston)

---

src/cli/commands/record-export.ts:374

P2 [DEREM-1] appendArtifact failure after artifact write leaves unmanifested export file on disk.

This call site has the identical write-then-append pattern that the PR fixes in screenshot/capture.ts and snapshot/capture.ts. writeTextFileAtomic (line 298, asciicast) or generateWebmExport (line 315, webm) writes the artifact file, then appendArtifact at line 374 registers it. If appendArtifact fails, the catch block (line 415) wraps the error but does not remove the already-written artifact file. grep -rn 'appendArtifact(' src/ returns three call sites; two are now protected, this one is not.

"The agent fixed the instances it was already looking at and stopped. This is the classic 'fix one instance without searching for siblings' incompleteness." (Mafu-san P2, Netero P3)

🤖

🤖 This review was automatically generated with Coder Agents.

[ThomasK33]

Addressed coder-agents review feedback in e1aa1a3:

• P2 DEREM-1: record export now rolls back written asciicast/WebM artifacts when manifest append fails.
• P3 DEREM-2: introduced centralized appendArtifactWithRollback(...) and migrated screenshot, snapshot, and record export call sites.
• P3 DEREM-3: screenshot rollback test now verifies the manifest remains unchanged.
• Nit DEREM-4: added the missing poisoned-manifest setup comment in the snapshot rollback test.
• Note DEREM-5: kept cleanup best-effort/non-masking, now centralized for future diagnostics.

[ThomasK33]

/coder-agents-review

[coder-agents-review]

R1 findings all addressed or acknowledged. The centralized appendArtifactWithRollback helper is the right structural response to DEREM-2, and the screenshot/snapshot rollback tests are genuine (manifest poisoning, no mocks). Good work on the structural fix.

R2 surfaces new issues from the rework: 3 P0 (test breakage), 2 P2 (behavioral regression + fake tests), 4 P3, 3 Nit.

The three P0s share a root cause: the vi.mock factories for artifactManifest.js in record-export, screenshot, and snapshot command tests do not export appendArtifactWithRollback. 19 tests fail across three files. The PR description claims mise run ci validation, but these failures are visible in any local test run.

The P2 --out regression (DEREM-9) was the highest-convergence finding: six reviewers flagged that appendArtifactWithRollback unconditionally deletes artifactOutputPath on manifest failure, including user-specified --out paths outside the session directory. Pre-PR, the file survived manifest failures.

PR description needs updating: it lists screenshot and snapshot rollback but omits record-export rollback, the centralized appendArtifactWithRollback helper, and record-export test coverage.

---

test/unit/commands/record-export.test.ts:64

P0 [DEREM-6] vi.mock factory for artifactManifest.js exports appendArtifact and createArtifactEntry but not appendArtifactWithRollback. Production code (record-export.ts:27) now imports appendArtifactWithRollback from this module. 11 of 15 tests fail with TypeError: appendArtifactWithRollback is not a function. Same gap exists in screenshot.test.ts:54 (3/12 fail) and snapshot.test.ts:35 (5/14 fail). 19 total failures.

(Netero, Mafu-san)

🤖

test/unit/commands/screenshot.test.ts:54

P0 [DEREM-7] Same mock gap as DEREM-6; 3 of 12 tests fail. The vi.mock factory exports appendArtifact and createArtifactEntry but not appendArtifactWithRollback.

(Netero)

🤖

test/unit/commands/snapshot.test.ts:35

P0 [DEREM-8] Same mock gap as DEREM-6; 5 of 14 tests fail. The vi.mock factory exports appendArtifact and createArtifactEntry but not appendArtifactWithRollback.

(Netero)

🤖

🤖 This review was automatically generated with Coder Agents.

[ThomasK33]

Addressed the R2 coder-agents review in 5e69a19 and 7da12b8:

• P0 DEREM-6/7/8: added appendArtifactWithRollback to command-test mocks; targeted command tests now pass locally.
• P2 DEREM-9: explicit --out files are preserved on manifest append failure.
• P2 DEREM-10: command tests assert rollback wiring; direct storage tests cover real helper rollback behavior.
• P3/Nits DEREM-11 through DEREM-17: internalized unsafe append, documented the helper, moved rollback inside the serialized append operation, added direct/concurrent helper tests, simplified the API to entry, documented best-effort rm, and restored spacing.

Validation after fixes:

• npx vitest run test/unit/commands/record-export.test.ts test/unit/commands/screenshot.test.ts test/unit/commands/snapshot.test.ts test/unit/storage/artifactStorage.test.ts test/unit/screenshot/capture.test.ts test/unit/snapshot/capture.test.ts
• npm run typecheck
• npm run lint
• npm run format:check

[ThomasK33]

/coder-agents-review

[coder-agents-review]

All 17 prior findings resolved. The centralized appendArtifactWithRollback helper is well-designed: rollback runs inside the serializer callback (preventing bystander deletion), --out files are preserved, the unsafe appendArtifact is private, guard invariants are tested, and the mock architecture matches the module boundary. 83 tests pass; typecheck and lint clean.

1 P3 (comment request), 4 Nit. The P3 is about documenting the data-safety reasoning behind the --out conditional, not a code defect.

"I tried to build a case against this PR's premises and could not. The centralized-rollback approach addresses the problem at the right granularity without adding infrastructure." (Pariston)

---

test/unit/commands/record-export.test.ts:295

Nit [DEREM-21] Asserts on mocks.appendArtifact (inner delegate) while the new rollback tests at lines 510, 568, 601 assert on mocks.appendArtifactWithRollback (the function production code calls). Two assertion patterns for the same mock layer.

(Bisky)

🤖

test/unit/storage/artifactStorage.test.ts:211

Nit [DEREM-22] Test name says appendArtifact() but the function is now appendArtifactWithRollback().

(Meruem)

🤖

🤖 This review was automatically generated with Coder Agents.

[ThomasK33]

Addressed R3 coder-agents review feedback in 565f6fd:

• P3 DEREM-18: documented why explicit --out files are preserved and only default in-session artifacts are rolled back.
• Nit DEREM-19: documented the KeyedSerializer queued-failure mechanism in the test.
• Nit DEREM-20: clarified the private append mock is test-internal delegate wiring.
• Nit DEREM-21: switched the record-export assertion to the production-facing appendArtifactWithRollback mock.
• Nit DEREM-22: updated the concurrent helper test name.

Validation after R3 fixes:

• npx vitest run test/unit/commands/record-export.test.ts test/unit/commands/screenshot.test.ts test/unit/commands/snapshot.test.ts test/unit/storage/artifactStorage.test.ts
• npm run lint
• npm run typecheck
• npm run format:check

[ThomasK33]

/coder-agents-review

[coder-agents-review]

R3 findings all addressed. 22 of 22 prior findings resolved or acknowledged. The PR is in excellent shape.

R4 surfaces 1 P3 and 3 Nit. The P3 is a contract precision issue: validateArtifactEntry at line 188 runs before the serializer's try/catch, so entry validation failure bypasses rollback. All current callers construct valid entries, so this path is unreachable in practice, but the doc comment promises rollback on any append failure.

"TypeScript types and upstream validation make schema failure equally unreachable. But the contract says 'if the append fails, rollback' and entry validation IS part of the append." (Mafuuu)

---

test/unit/commands/screenshot.test.ts:547

Nit [DEREM-26] expect(mocks.appendArtifact).not.toHaveBeenCalled() checks the internal delegate instead of mocks.appendArtifactWithRollback. DEREM-21 fixed the same pattern in record-export.test.ts; this sibling was missed.

(Zoro, Kite)

🤖

🤖 This review was automatically generated with Coder Agents.

[ThomasK33]

Addressed R4 coder-agents feedback in 7836853:

• P3 DEREM-24: entry validation now occurs inside the serialized try/catch so rollback covers validation failures; added direct invalid-entry rollback coverage.
• Nit DEREM-23: removed dead appendArtifact exports from vi.mock factories while keeping the test-internal delegate.
• Nit DEREM-25: updated snapshot test comment to refer to appendArtifactWithRollback.
• Nit DEREM-26: screenshot failure-path assertion now checks appendArtifactWithRollback was not called.

Validation after R4 fixes:

• npx vitest run test/unit/storage/artifactStorage.test.ts test/unit/commands/record-export.test.ts test/unit/commands/screenshot.test.ts test/unit/commands/snapshot.test.ts test/unit/snapshot/capture.test.ts
• npm run lint
• npm run typecheck
• npm run format:check

[ThomasK33]

/coder-agents-review

[coder-agents-review]

26 of 26 prior findings resolved or acknowledged. R5 panel: 12 of 14 reviewers found no new issues. 84 tests pass; typecheck and lint clean.

1 Nit (DEREM-27): screenshot test comment still references the now-private appendArtifact.

Mafu-san notes this is the third round where a named fix missed a sibling file. The code impact is Nit-level (comment text), but the pattern is worth noting for future agent work: grep for the class after fixing an instance.

🤖 This review was automatically generated with Coder Agents.

[ThomasK33]

Addressed R5 DEREM-27 in 5365793 by updating the screenshot rollback test comment to refer to appendArtifactWithRollback.

Validation:

• npx vitest run test/unit/screenshot/capture.test.ts test/unit/snapshot/capture.test.ts
• npm run format:check
• npm run lint
• npm run typecheck

[ThomasK33]

/coder-agents-review

[coder-agents-review]

27 of 27 findings resolved. Netero and all 14 panel reviewers found no new issues. 84 tests pass; typecheck and lint clean. Zero open findings. The PR is ready for merge.

🤖 This review was automatically generated with Coder Agents.