What changed
Compound engineering review of v2.4.1 caught 10 issues across 6 parallel reviewers. All fixed.
Bug fixes
- Fixed caller dict mutation in _auto_remove_bad_env_vars() — was modifying the caller's settings dict in-place via env_block.pop(). Now copies before mutating.
- Fixed _manage_mcp guard logic — old guard (not settings_path) was dead code, new guard properly catches missing/empty settings.
- Fixed doctor check numbering — two checks were both labeled #10.
Hardening
- Added try/except on atomic write in _auto_remove_bad_env_vars() — prevents SessionStart hook crash on disk I/O failure.
- Orphaned temp file cleanup — ensure-health now cleans up stale .settings-*.json temp files older than 1 hour.
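The three patterns named under Bug fixes and Hardening (copy before mutating, an atomic write that fails soft, and cleanup of stale .settings-*.json temp files), sketched as an added example that is not the project's own code. The function names, the "env" key and the EXAMPLE_BAD_VAR entry are assumptions made for illustration.

```python
import copy, json, os, tempfile, time
from pathlib import Path

BAD_ENV_VARS = ("EXAMPLE_BAD_VAR",)  # constructed placeholder, not the project's list
STALE_AFTER_SECONDS = 3600           # "older than 1 hour"

def remove_bad_env_vars(settings):
    """Return (cleaned_copy, removed_names); the caller's dict is never touched."""
    cleaned = copy.deepcopy(settings)
    env_block = cleaned.get("env")   # "env" key is an assumption
    if not isinstance(env_block, dict):
        return cleaned, []
    removed = [name for name in BAD_ENV_VARS if name in env_block]
    for name in removed:
        del env_block[name]
    return cleaned, removed

def write_settings_atomic(path, settings):
    """Temp file + os.replace; returns False on disk I/O failure instead of raising."""
    path = Path(path)
    tmp_name = None
    try:
        fd, tmp_name = tempfile.mkstemp(prefix=".settings-", suffix=".json", dir=path.parent)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(settings, fh, indent=2)
            fh.flush()
            os.fsync(fh.fileno())    # data is on disk before the rename
        os.replace(tmp_name, path)   # atomic swap on the same filesystem
        return True
    except OSError:
        if tmp_name:                 # do not leave an orphan behind
            try:
                os.unlink(tmp_name)
            except OSError:
                pass
        return False

def cleanup_stale_temp_files(directory, now=None):
    """Delete .settings-*.json temp files older than the threshold; return their names."""
    now = time.time() if now is None else now
    removed = []
    for tmp in Path(directory).glob(".settings-*.json"):
        try:
            if now - tmp.stat().st_mtime > STALE_AFTER_SECONDS:
                tmp.unlink()
                removed.append(tmp.name)
        except OSError:              # file vanished or is unreadable: skip it
            continue
    return sorted(removed)
```
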
Code quality
- Consolidated duplicate write functions — deleted _write_settings_json (identical to _write_settings_atomic), net -12 lines.
- Eliminated triple-read in doctor check #9 — _auto_remove_bad_env_vars() now returns removed list and accepts optional settings param.
- Removed redundant call from quick_scan() — SessionStart hook already handles env var cleanup.
- _read_settings_json now uses SETTINGS_PATH constant (consistency with writer).
- Compaction loss map dedup — statusline.js reads cumulative_loss_pct from quality-cache.json instead of hardcoding values.
- Fixed misleading comment — "MRCR bands" → "Context fill bands" in statusline.js.
- BAD_ENV_VARS docstring — converted dangling string literal to proper comments.
Review methodology
3 compound-engineering agents (code-simplicity, security-sentinel, pattern-recognition) + 3 code-simplifier agents (reuse, quality, efficiency) run in parallel. All findings aggregated and fixed.