Repo Scanning Process

Step-by-step procedure for scanning GitHub repos to gather corroborating evidence for bug clusters, assigning confidence tiers to each finding.

Overview

Loaded by the repo-scanner agent inside the x-bug-triage plugin. Walks each clustered bug through a fixed evidence-gathering pipeline against the up-to-three repos most likely to host the bug: matching open/recent issues, recent commits in the impact window, affected code paths, and recent deploys correlated to the cluster's first_seen timestamp. Each finding is graded against the evidence-tier policy and recorded as cluster evidence.

Prerequisites

• Cluster table populated upstream by the bug-clustering stage
• surfacerepomapping configured for every product_surface present in clusters
• Triage MCP server reachable for mcptriagesearchissues, mcptriageinspectrecentcommits, mcptriageinspectcodepaths, and mcptriagecheckrecent_deploys
• GitHub access tokens with read scope on the target repos

Instructions

Step 1: Select Repos

For each cluster:

1. Look up repos from surfacerepomapping using the cluster's product_surface
2. Cap at top 3 repos per cluster (hard limit — never scan more)
3. If no mapping exists, note it as a warning and skip

Step 2: Search Issues

For each repo, call mcptriagesearchissues with the cluster's symptoms and errorstrings:

• Match error strings against open/recent issues
• Assign evidence tier based on match confidence

Step 3: Inspect Recent Commits

Call mcptriageinspectrecentcommits for each repo:

• 7-day window from current date
• Filter by affected paths if known from the cluster's feature_area
• Look for commits that touch relevant code paths

Step 4: Inspect Code Paths

Call mcptriageinspectcodepaths with the cluster's surface and feature_area:

• Identify likely affected code paths
• Check for recent changes or known fragile areas

Step 5: Check Recent Deploys

Call mcptriagecheckrecentdeploys for each repo:

• Correlate deploy/release timing with cluster's first_seen timestamp
• Recent deploy near first_seen is a stronger signal

Step 6: Assign Evidence Tiers

For each piece of evidence, assign a tier:

Step 7: Handle Degradation

If a repo is inaccessible or an API call fails:

1. Log a degraded scan result with the error reason
2. Continue scanning remaining repos — never abort the whole scan
3. Include degradation warnings in output

Output

• cluster_evidence rows tagged with tier (1–4), source kind, repo, and finding link
• clusterscanwarnings rows for any repo skipped or degraded during scanning
• Updated cluster evidence_summary field with per-tier counts

Error Handling

• Missing surface→repo mapping: warn, skip the cluster's scan, proceed with remaining clusters
• GitHub API rate limit hit: pause and resume, or degrade to "rate_limited" warning if budget exhausted
• Single tool call failure: capture error reason, continue to next step, never abort a multi-step scan
• All four signal sources empty for a cluster: record evidence_summary="empty" — downstream stages still run

Examples

Triggered automatically after owner-routing for each clustered bug. Typical output for a 12-cluster batch against 3 repos each: "12 clusters scanned, 7 with Tier 1 evidence, 3 with Tier 2 only, 2 with no evidence (Tier 4 weak only). 1 repo skipped (rate limit)."

Resources

Load evidence tier definitions for proper tier assignment:

!cat skills/x-bug-triage/references/evidence-policy.md