This function looks completely reasonable:
def save_user(user_id: str, data: dict) -> dict:
    validated = validate_schema(data)
    sanitized = sanitize_input(validated)
    log.info(f"Saving user {user_id}")
    return {"status": "saved", "user_id": user_id}
It validates. It sanitizes. It logs. It returns a success response.
It saves absolutely nothing.
Why AI generates this
Language models are trained on code where save_user functions often validate input, call some DB function, and return a success response. When the model generates save_user, it produces the surrounding pattern — but sometimes skips the actual DB call. The function looks like it saves. The return value says it saved. Nothing was written to disk.
This is the MISSING_WRITE pattern:
- Function name contains save, store, insert, persist, or upsert
- No INSERT, UPDATE, or write operation anywhere in the body
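A minimal static check for the two conditions above, added here as an example (it is not the scanner's own implementation). The `WRITE_CALLS` and `SQL_WRITES` lists are assumptions about what counts as a write and need tuning for your data layer; matching by name is a heuristic, so an in-memory `dict.update()` would also count as a write.

```python
import ast

# Name fragments taken from the pattern described above.
NAME_HINTS = ("save", "store", "insert", "persist", "upsert")
# Assumption: callee names treated as a write; adjust to your data layer.
WRITE_CALLS = {"execute", "executemany", "commit", "add", "insert", "update",
               "upsert", "write", "put", "save", "bulk_create"}
SQL_WRITES = ("INSERT ", "UPDATE ")

# Constructed sample: the stub from this page plus a function that does write.
SAMPLE = '''\
def save_user(user_id: str, data: dict) -> dict:
    validated = validate_schema(data)
    sanitized = sanitize_input(validated)
    log.info(f"Saving user {user_id}")
    return {"status": "saved", "user_id": user_id}

def store_order(conn, order_id: str) -> None:
    conn.execute("INSERT INTO orders (id) VALUES (?)", (order_id,))
    conn.commit()
'''


def _has_write(func: ast.AST) -> bool:
    """True if the body calls a write-like method or embeds a SQL write."""
    for node in ast.walk(func):
        if isinstance(node, ast.Call):
            f = node.func
            name = f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", "")
            if name.lower() in WRITE_CALLS:
                return True
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(kw in node.value.upper() for kw in SQL_WRITES):
                return True
    return False


def find_missing_writes(source: str) -> list[dict]:
    """Flag functions whose name promises persistence but whose body has no write."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))
                and any(h in node.name.lower() for h in NAME_HINTS)
                and not _has_write(node)):
            findings.append({"kind": "MISSING_WRITE", "line": node.lineno,
                             "function": node.name})
    return findings
```

Running `find_missing_writes(SAMPLE)` flags `save_user` at line 1 and leaves `store_order` alone.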
Real-world impact
In production:
- User submits form → save_user() called
- Response: {"status": "saved"} ✅
- User refreshes → data gone
- Support ticket: "why does your app keep losing my data?"
No error is ever thrown. The logs say "Saving user 123". The response is 200 OK.
Catch it before it ships
curl -X POST https://pleasing-transformation-production-90c2.up.railway.app/v1/scan \
  -H "X-API-Key: vg_free_test" \
  -F "file=@your_file.py"

{
  "kind": "MISSING_WRITE",
  "severity": "BLOCK",
  "line": 1,
  "detail": "save_user() contains no database write — possible stub or incomplete implementation"
}
GitHub CI: Moonsehwan/aina-vibeguard-action@v1 | Free key: vg_free_test