Parent umbrella issue: #408
Source audit: Weekly tech debt audit: dispatch - 2026-06-17
Source audit date: 2026-06-17
Original recommendation
P2 — Decide the persistence model for tasks/report (audit log row, agent run row, both) and add tests.
Matched top finding
Beyond the auth concern above, the endpoint is functionally incomplete. Other "report" surfaces in Dispatch (POST /api/agent-runs, POST /api/audit) persist data. This one returns 200 { ok: true, report } and discards the body. If a worker calls it, the operator gets no signal that work happened. The test file confirms persistence is not part of the contract.
Evidence:
src/app/api/agents/[agentName]/tasks/report/route.ts:80-100 returns NextResponse.json({ ok: true, agentName, report }) with no await prisma.* call.- The test file mocks
prisma.issue.update and prisma.prFixQueueItem.update and prisma.lease.delete but never invokes any of them.
- Compare with
src/app/api/agents/[agentName]/heartbeat/route.ts:101-110 which calls prisma.agentRun.create.
Parent umbrella issue: #408
Source audit: Weekly tech debt audit: dispatch - 2026-06-17
Source audit date: 2026-06-17
Original recommendation
P2 — Decide the persistence model for
tasks/report(audit log row, agent run row, both) and add tests.Matched top finding
Beyond the auth concern above, the endpoint is functionally incomplete. Other "report" surfaces in Dispatch (
POST /api/agent-runs,POST /api/audit) persist data. This one returns200 { ok: true, report }and discards the body. If a worker calls it, the operator gets no signal that work happened. The test file confirms persistence is not part of the contract.Evidence:
src/app/api/agents/[agentName]/tasks/report/route.ts:80-100returnsNextResponse.json({ ok: true, agentName, report })with noawait prisma.*call.prisma.issue.updateandprisma.prFixQueueItem.updateandprisma.lease.deletebut never invokes any of them.src/app/api/agents/[agentName]/heartbeat/route.ts:101-110which callsprisma.agentRun.create.