rails-informant 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e238c932add4022daab840ab2144d18caf3f09c4f978c2ffdba125085947c9ad
+  data.tar.gz: 68518ff9ebda56a59932163e983316a671070bc006afec073e32965493591446
+SHA512:
+  metadata.gz: 3a902d7e2bd33450ddccaa1a380255ae15a3219073c4b75f950114647f1b0349654c20e0eb76758c456b0b2b247bafeb0c661d87935fd1454c6e3481f79478fb
+  data.tar.gz: 2b09916e94d366b8aae539104060a0aa14c29277297a827acec2433dadbe69befa2df6fbb0aabc5935e18bf92800435382975426dcc3db8011651f5ce274a6b9

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Daniel López Prat
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,340 @@
+<div align="center">
+
+  <h1 style="margin-top: 10px;">Rails Informant</h1>
+
+  <h2>Self-hosted error monitoring for Rails, built for AI agents</h2>
+
+  <div align="center">
+    <a href="https://github.com/6temes/rails-informant/blob/main/LICENSE"><img alt="License" src="https://img.shields.io/badge/license-MIT-green"/></a>
+    <a href="https://www.ruby-lang.org/"><img alt="Ruby" src="https://img.shields.io/badge/ruby-4.0+-red.svg"/></a>
+    <a href="https://rubyonrails.org/"><img alt="Rails" src="https://img.shields.io/badge/rails-8.1+-red.svg"/></a>
+  </div>
+
+  <p>
+    <a href="#why-rails-informant">Why Rails Informant?</a>
+    &#9670; <a href="#quick-start">Quick Start</a>
+    &#9670; <a href="#configuration">Configuration</a>
+    &#9670; <a href="#mcp-server">MCP Server</a>
+    &#9670; <a href="#architecture">Architecture</a>
+    &#9670; <a href="#data--privacy">Data & Privacy</a>
+    &#9670; <a href="#security">Security</a>
+  </p>
+</div>
+
+---
+
+Captures exceptions, stores them in your app's database with rich context (backtraces, breadcrumbs, request data), sends notifications, and exposes error data via a bundled MCP server -- so Claude Code and Devin AI can query, triage, and fix production errors directly.
+
+No dashboard. The agent *is* the interface.
+
+## Why Rails Informant?
+
+- **Agent-native** -- 12 MCP tools let AI agents list, inspect, resolve, and fix errors without a browser. The `/informant` Claude Code skill provides a complete triage-to-fix workflow.
+- **Self-hosted** -- Errors stay in your database. No external service, no data leaving your infrastructure (unless you configure Slack, webhook, or Devin notifications).
+- **Zero-config capture** -- Errors captured automatically via `Rails.error` subscriber and Rack middleware. Breadcrumbs from `ActiveSupport::Notifications` provide structured debugging context.
+- **Autonomous fixing** -- Devin AI integration triggers investigation sessions on new errors, writes fixes with tests, and opens draft PRs. Humans retain the merge button.
+- **Lightweight** -- Two database tables, no Redis, no background workers beyond ActiveJob. Runtime dependencies: Rails 8.1+ only.
+
+## Quick Start
+
+Add to your Gemfile:
+
+```ruby
+gem "rails-informant"
+```
+
+Run the install generator:
+
+```sh
+bin/rails generate rails_informant:install
+bin/rails db:migrate
+```
+
+This creates a migration for `informant_error_groups` and `informant_occurrences` tables and an initializer at `config/initializers/rails_informant.rb`.
+
+Optional generators for AI agent integration:
+
+```sh
+bin/rails generate rails_informant:skill   # Claude Code skill at .claude/skills/informant/SKILL.md
+bin/rails generate rails_informant:devin   # Devin playbook at .devin/error-triage.devin.md
+```
+
+Errors are captured automatically in non-local environments. To capture errors manually:
+
+```ruby
+RailsInformant.capture(exception, context: { order_id: 42 })
+```
+
+## Configuration
+
+```ruby
+# config/initializers/rails_informant.rb
+RailsInformant.configure do |config|
+  config.capture_errors = !Rails.env.local?
+  config.api_token = Rails.application.credentials.dig(:rails_informant, :api_token)
+  config.slack_webhook_url = Rails.application.credentials.dig(:rails_informant, :slack_webhook_url)
+  config.retention_days = 30
+end
+```
+
+Every option can be set via an environment variable. The initializer takes precedence over env vars.
+
+| Option | Env var | Default | Description |
+|--------|---------|---------|-------------|
+| `api_token` | `INFORMANT_API_TOKEN` | `nil` | Bearer token for API authentication (required for MCP) |
+| `capture_errors` | `INFORMANT_CAPTURE_ERRORS` | `true` | Enable/disable error capture (set to `"false"` to disable) |
+| `devin_api_key` | `INFORMANT_DEVIN_API_KEY` | `nil` | Devin AI API key for autonomous error fixing |
+| `devin_playbook_id` | `INFORMANT_DEVIN_PLAYBOOK_ID` | `nil` | Devin playbook ID for error triage workflow |
+| `ignored_exceptions` | `INFORMANT_IGNORED_EXCEPTIONS` | `[]` | Exception classes to skip (comma-separated in env var) |
+| `retention_days` | `INFORMANT_RETENTION_DAYS` | `nil` | Auto-purge resolved errors after N days |
+| `slack_webhook_url` | `INFORMANT_SLACK_WEBHOOK_URL` | `nil` | Slack incoming webhook URL |
+| `capture_user_email` | _(none)_ | `false` | Capture email from detected user (PII -- opt-in) |
+| `webhook_url` | `INFORMANT_WEBHOOK_URL` | `nil` | Generic webhook URL for notifications |
+
+## Error Capture
+
+Errors are captured automatically via:
+
+1. **`Rails.error` subscriber** -- background jobs, mailer errors, `Rails.error.handle` blocks
+2. **Rack middleware** -- unhandled request exceptions and rescued framework exceptions
+
+### Fingerprinting
+
+Errors are grouped by `SHA256(class_name:first_app_backtrace_frame)`. Line numbers are normalized so the same error at different lines groups together.
+
+### Ignored Exceptions
+
+Common framework exceptions (404s, CSRF, etc.) are ignored by default. Add more:
+
+```ruby
+config.ignored_exceptions = ["MyApp::BoringError", /Stripe::/]
+```
+
+### Breadcrumbs
+
+Structured events from `ActiveSupport::Notifications` are captured automatically as breadcrumbs -- SQL query names, cache hits, template renders, HTTP calls, job executions. Stored per-occurrence for rich debugging context without raw log lines.
+
+## API
+
+Token-authenticated JSON API mounted at `/informant/api/v1/`.
+
+```text
+GET    /informant/api/v1/errors            # List error groups (paginated, filterable)
+GET    /informant/api/v1/errors/:id         # Show with recent occurrences
+PATCH  /informant/api/v1/errors/:id         # Update status or notes
+DELETE /informant/api/v1/errors/:id         # Delete group and occurrences
+PATCH  /informant/api/v1/errors/:id/fix_pending  # Mark fix pending
+PATCH  /informant/api/v1/errors/:id/duplicate    # Mark as duplicate
+GET    /informant/api/v1/occurrences        # List occurrences
+GET    /informant/api/v1/status             # Error monitoring summary
+```
+
+Authenticate with `Authorization: Bearer <token>`.
+
+## MCP Server
+
+The bundled `informant-mcp` executable connects Claude Code to your error data via [Model Context Protocol (MCP)](https://modelcontextprotocol.io).
+
+The MCP server requires the `mcp` gem, which is not a runtime dependency. Add it to your Gemfile:
+
+```ruby
+gem "mcp", ">= 0.7", "< 2"
+```
+
+### Setup
+
+Add to your Claude Code MCP config:
+
+```json
+{
+  "mcpServers": {
+    "informant": {
+      "command": "informant-mcp",
+      "env": {
+        "INFORMANT_PRODUCTION_URL": "https://myapp.com",
+        "INFORMANT_PRODUCTION_TOKEN": "your-api-token"
+      }
+    }
+  }
+}
+```
+
+Or create `~/.config/informant-mcp.yml` for multi-environment setups:
+
+```yaml
+environments:
+  production:
+    url: https://myapp.com
+    token: ${INFORMANT_PRODUCTION_TOKEN}
+  staging:
+    url: https://staging.myapp.com
+    token: ${INFORMANT_STAGING_TOKEN}
+```
+
+### Tools
+
+| Tool | Description |
+|------|-------------|
+| `list_environments` | List configured environments |
+| `list_errors` | List error groups with filtering and pagination |
+| `get_error` | Full error detail with recent occurrences |
+| `resolve_error` | Mark as resolved |
+| `ignore_error` | Mark as ignored |
+| `reopen_error` | Reopen a resolved/ignored error |
+| `mark_fix_pending` | Mark with fix SHA for auto-resolve on deploy |
+| `mark_duplicate` | Mark as duplicate of another group |
+| `delete_error` | Delete group and occurrences |
+| `annotate_error` | Add investigation notes |
+| `get_informant_status` | Summary with counts and top errors |
+| `list_occurrences` | List occurrences with filtering |
+
+## Claude Code Skill
+
+Use `/informant` in Claude Code to triage and fix errors interactively. The skill:
+
+1. Checks error status with `get_informant_status`
+2. Lists unresolved errors
+3. Investigates with full occurrence data
+4. Implements fixes with test-first workflow
+5. Marks `fix_pending` for auto-resolution on deploy
+
+## Devin AI
+
+Automate error investigation and fixing with [Devin AI](https://devin.ai). When a new error is captured, Rails Informant creates a Devin session that investigates via MCP tools, writes a fix with tests, and opens a draft PR.
+
+### Setup
+
+1. Add the `informant-mcp` server to Devin's [MCP Marketplace](https://docs.devin.ai/work-with-devin/mcp) with your API URL and token.
+
+2. Upload the playbook installed at `.devin/error-triage.devin.md` to Devin and note the playbook ID. See [Creating Playbooks](https://docs.devin.ai/product-guides/creating-playbooks).
+
+3. Configure Rails Informant:
+
+```ruby
+RailsInformant.configure do |config|
+  config.devin_api_key = Rails.application.credentials.dig(:rails_informant, :devin_api_key)
+  config.devin_playbook_id = "your-playbook-id"
+end
+```
+
+### How It Works
+
+- Triggers on the **first occurrence only** -- repeated occurrences of the same error do not create additional Devin sessions.
+- Sends error class, message (truncated to 500 chars), severity, backtrace (first 5 frames), and error group ID.
+- Devin connects to your MCP server to investigate errors, then either opens a draft PR with a fix or annotates the error with investigation findings.
+
+### Data Sent to Devin
+
+The notification prompt includes: error class, error message (truncated), severity, occurrence count, timestamps, controller action or job class, backtrace frames, and git SHA. It does **not** include request parameters, user context, or PII.
+
+## Architecture
+
+```text
+Development Machine                    Remote Servers
++-----------------------+              +-----------------------+
+|  Claude Code          |              |  Production           |
+|        |              |              |  /informant/api/v1    |
+|        | stdio        |              +-----------------------+
+|        v              |  HTTPS+Token
+|  MCP Server           | -----------> +-----------------------+
+|  (exe/informant-mcp)  |              |  Staging              |
+|                       |              |  /informant/api/v1    |
++-----------------------+              +-----------------------+
+
+Inside the Rails app:
++-------------------------------------------------+
+|  Rails.error subscriber (primary capture)       |
+|  Rack Middleware (safety net)                    |
+|    - ErrorCapture (before ShowExceptions)        |
+|    - RescuedExceptionInterceptor (after Debug)   |
+|  |                                              |
+|  v                                              |
+|  Fingerprint + Upsert (atomic counter)          |
+|  |                                              |
+|  v                                              |
+|  Occurrence.create (with breadcrumbs, context)  |
+|  |                                              |
+|  v                                              |
+|  NotifyJob.perform_later (async dispatch)       |
+|    - Slack (Block Kit, Net::HTTP)               |
+|    - Webhook (PII stripped by default)          |
+|    - Devin AI (creates investigation session)   |
++-------------------------------------------------+
+```
+
+### Error Group Lifecycle
+
+```text
+unresolved --> fix_pending --> resolved (auto, on deploy)
+unresolved --> resolved (manual)
+unresolved --> ignored
+unresolved --> duplicate
+resolved    --> unresolved [REGRESSION]
+fix_pending --> unresolved (reopen)
+ignored     --> unresolved (reopen)
+duplicate   --> unresolved (reopen)
+```
+
+## Deploy Detection
+
+On boot, the engine checks if `fix_pending` errors have been deployed by comparing the current git SHA against `original_sha`. Deployed fixes are automatically transitioned to `resolved`.
+
+Git SHA is resolved from environment variables (`GIT_SHA`, `REVISION`, `KAMAL_VERSION`) or `.git/HEAD`.
+
+## Rake Tasks
+
+```sh
+bin/rails informant:stats    # Show error monitoring statistics
+bin/rails informant:purge    # Purge resolved errors older than retention_days
+```
+
+## Data & Privacy
+
+Each occurrence stores the following PII:
+
+- **User email** -- only captured when `config.capture_user_email = true` and the user model responds to `#email`
+- **IP address** -- from `request.remote_ip`
+- **Custom user context** -- anything set via `RailsInformant::Current.user_context`
+
+For GDPR compliance, only include identifiers needed for debugging (e.g., user ID) rather than personal data. You can override automatic user detection by setting user context explicitly:
+
+```ruby
+# In a before_action or around_action
+RailsInformant::Current.user_context = { id: current_user.id }
+```
+
+All stored context passes through `ActiveSupport::ParameterFilter`, so adding keys to `filter_parameters` suppresses them:
+
+```ruby
+# config/application.rb
+config.filter_parameters += [:email]
+```
+
+This replaces email values with `[FILTERED]` in occurrence data. IP addresses can be suppressed the same way by adding `:ip`.
+
+## Security
+
+- API requires bearer token authentication (`secure_compare`)
+- All stored context is filtered through `ActiveSupport::ParameterFilter`
+- MCP server enforces HTTPS by default
+- Security headers: `Cache-Control: no-store`, `X-Content-Type-Options: nosniff`
+- Error capture never breaks the host application
+- Webhook payloads strip PII by default
+- **Rate limiting** -- the API does not include built-in rate limiting. Add rate limiting on the `/informant/api/` prefix in production, for example with [Rack::Attack](https://github.com/rack/rack-attack):
+
+```ruby
+# config/initializers/rack_attack.rb
+Rack::Attack.throttle("informant/api", limit: 60, period: 1.minute) do |req|
+  req.ip if req.path.start_with?("/informant/api/")
+end
+```
+
+## License
+
+This project is licensed under the **MIT License** -- see the [LICENSE](LICENSE) file for details.
+
+---
+
+<div align="center">
+  <sub>Made in Tokyo with &#10084;&#65039; and &#129302;</sub>
+</div>

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/setup"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.pattern = "test/**/*_test.rb"
+  t.verbose = false
+end
+
+task default: :test

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/app/controllers/rails_informant/api/base_controller.rb

@@ -0,0 +1,62 @@
+module RailsInformant
+  module Api
+    class BaseController < ActionController::API
+      before_action :authenticate_token!
+      before_action :set_security_headers
+
+      rescue_from RailsInformant::InvalidParameterError do |e|
+        render json: { error: e.message }, status: :bad_request
+      end
+
+      rescue_from ActiveRecord::RecordInvalid do |e|
+        render json: { error: e.record.errors.full_messages.join(", ") }, status: :unprocessable_entity
+      end
+
+      rescue_from ActiveRecord::RecordNotFound do
+        render json: { error: "Not found" }, status: :not_found
+      end
+
+      private
+
+      def parse_time(value)
+        Time.parse(value)
+      rescue ArgumentError
+        raise RailsInformant::InvalidParameterError, "Invalid date format"
+      end
+
+      def authenticate_token!
+        configured_token = RailsInformant.api_token
+
+        unless configured_token.present?
+          return render json: { error: "API token not configured" }, status: :service_unavailable
+        end
+
+        token = request.headers["Authorization"]&.delete_prefix("Bearer ")
+
+        unless token.present? && ActiveSupport::SecurityUtils.secure_compare(token, configured_token)
+          Rails.logger.warn "[RailsInformant] Auth failure from #{request.remote_ip} at #{Time.current.iso8601}"
+          render json: { error: "Unauthorized" }, status: :unauthorized
+        end
+      end
+
+      def set_security_headers
+        response.headers["Cache-Control"] = "no-store"
+        response.headers["Content-Security-Policy"] = "default-src 'none'"
+        response.headers["X-Content-Type-Options"] = "nosniff"
+        response.headers["X-Frame-Options"] = "DENY"
+      end
+
+      def paginate(scope, only:)
+        page = [ params.fetch(:page, 1).to_i, 1 ].max
+        per_page = [ [ params.fetch(:per_page, 20).to_i, 1 ].max, 100 ].min
+
+        records = scope.offset((page - 1) * per_page).limit(per_page + 1).to_a
+        has_more = records.size > per_page
+        records = records.first(per_page)
+        data = records.map { it.as_json(only:) }
+
+        { data:, meta: { page:, per_page:, has_more: } }
+      end
+    end
+  end
+end

data/app/controllers/rails_informant/api/errors_controller.rb

@@ -0,0 +1,72 @@
+module RailsInformant
+  module Api
+    class ErrorsController < BaseController
+      before_action :find_error_group, only: [ :show, :update, :destroy, :fix_pending, :duplicate ]
+
+      def index
+        groups = params[:status] == "duplicate" ? ErrorGroup.all : ErrorGroup.active
+        groups = groups
+          .by_controller_action(params[:controller_action])
+          .by_error_class(params[:error_class])
+          .by_job_class(params[:job_class])
+          .by_severity(params[:severity])
+          .by_status(params[:status])
+          .search(params[:q])
+          .since(params[:since] && parse_time(params[:since]))
+          .before(params[:until] && parse_time(params[:until]))
+          .order(last_seen_at: :desc)
+
+        render json: paginate(groups, only: ErrorGroup::API_FIELDS)
+      end
+
+      def show
+        occurrences = @error_group.occurrences.order(created_at: :desc).limit(10)
+        render json: @error_group.as_json(only: ErrorGroup::API_DETAIL_FIELDS).merge(
+          recent_occurrences: occurrences.as_json(only: Occurrence::API_FIELDS)
+        )
+      end
+
+      def update
+        permitted = params.permit(:status, :notes)
+
+        updates = {}
+        updates[:status] = permitted[:status] if permitted[:status]
+        updates[:notes] = permitted[:notes] if permitted.key?(:notes)
+
+        @error_group.update!(updates)
+        render json: @error_group.as_json(only: ErrorGroup::API_DETAIL_FIELDS)
+      end
+
+      def destroy
+        if ErrorGroup.exists?(duplicate_of_id: @error_group.id)
+          render json: { error: "Cannot delete: other errors reference this as a duplicate target" },
+                 status: :unprocessable_entity
+        else
+          @error_group.destroy!
+          head :no_content
+        end
+      end
+
+      def fix_pending
+        permitted = params.permit(:fix_sha, :original_sha, :fix_pr_url)
+        @error_group.mark_as_fix_pending!(
+          fix_sha: permitted[:fix_sha],
+          original_sha: permitted[:original_sha],
+          fix_pr_url: permitted[:fix_pr_url]
+        )
+        render json: @error_group.as_json(only: ErrorGroup::API_DETAIL_FIELDS)
+      end
+
+      def duplicate
+        @error_group.mark_as_duplicate_of! params[:duplicate_of_id]
+        render json: @error_group.as_json(only: ErrorGroup::API_DETAIL_FIELDS)
+      end
+
+      private
+
+      def find_error_group
+        @error_group = ErrorGroup.find(params[:id])
+      end
+    end
+  end
+end

data/app/controllers/rails_informant/api/occurrences_controller.rb

@@ -0,0 +1,14 @@
+module RailsInformant
+  module Api
+    class OccurrencesController < BaseController
+      def index
+        occurrences = Occurrence.order(created_at: :desc)
+        occurrences = occurrences.where(error_group_id: params[:error_group_id]) if params[:error_group_id]
+        occurrences = occurrences.where(created_at: parse_time(params[:since])..) if params[:since]
+        occurrences = occurrences.where(created_at: ..parse_time(params[:until])) if params[:until]
+
+        render json: paginate(occurrences, only: Occurrence::API_FIELDS)
+      end
+    end
+  end
+end

data/app/controllers/rails_informant/api/status_controller.rb

@@ -0,0 +1,29 @@
+module RailsInformant
+  module Api
+    class StatusController < BaseController
+      def show
+        counts = ErrorGroup.group(:status).count
+        render json: {
+          duplicate_count: counts.fetch("duplicate", 0),
+          fix_pending_count: counts.fetch("fix_pending", 0),
+          ignored_count: counts.fetch("ignored", 0),
+          resolved_count: counts.fetch("resolved", 0),
+          unresolved_count: counts.fetch("unresolved", 0),
+          deploy_sha: RailsInformant.current_git_sha,
+          top_errors: top_errors
+        }
+      end
+
+      private
+
+      def top_errors
+        ErrorGroup
+          .where(status: "unresolved")
+          .order(total_occurrences: :desc)
+          .limit(5)
+          .select(:id, :error_class, :message, :total_occurrences)
+          .map { |g| { id: g.id, error_class: g.error_class, message: g.message&.truncate(100), total_occurrences: g.total_occurrences } }
+      end
+    end
+  end
+end

data/app/jobs/rails_informant/application_job.rb

@@ -0,0 +1,4 @@
+module RailsInformant
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/jobs/rails_informant/notify_job.rb

@@ -0,0 +1,34 @@
+module RailsInformant
+  class NotifyJob < ApplicationJob
+    queue_as :default
+
+    retry_on ::Net::OpenTimeout, ::Net::ReadTimeout, ::SocketError, RailsInformant::NotifierError, attempts: 5, wait: 15.seconds
+    discard_on ActiveRecord::RecordNotFound
+
+    def perform(group)
+      occurrence = group.occurrences.order(created_at: :desc).first
+      failures = []
+
+      notifiers.each do |notifier|
+        next unless notifier.should_notify?(group)
+
+        notifier.notify(group, occurrence)
+      rescue StandardError => e
+        failures << e
+      end
+
+      group.update_column(:last_notified_at, Time.current) if failures.empty?
+
+      if failures.any?
+        failures.drop(1).each { |e| Rails.logger.error "[RailsInformant] Notifier failed: #{e.class}: #{e.message}" }
+        raise failures.first
+      end
+    end
+
+    private
+
+    def notifiers
+      RailsInformant.config.notifiers
+    end
+  end
+end

data/app/jobs/rails_informant/purge_job.rb

@@ -0,0 +1,29 @@
+module RailsInformant
+  class PurgeJob < ApplicationJob
+    queue_as :default
+    retry_on ActiveRecord::InvalidForeignKey, wait: 1.second, attempts: 3
+
+    def perform
+      return unless RailsInformant.retention_days
+
+      cutoff = RailsInformant.retention_days.days.ago
+
+      # IDs referenced as duplicate targets must be kept (subquery avoids TOCTOU)
+      duplicate_target_ids = ErrorGroup.where(status: "duplicate")
+        .where.not(duplicate_of_id: nil)
+        .distinct
+        .select(:duplicate_of_id)
+
+      # Split into separate queries so each can hit its composite index cleanly
+      resolved_scope = ErrorGroup.where(status: "resolved").where(resolved_at: ...cutoff).where.not(id: duplicate_target_ids)
+      ignored_scope = ErrorGroup.where(status: "ignored").where(updated_at: ...cutoff).where.not(id: duplicate_target_ids)
+
+      [ ignored_scope, resolved_scope ].each do |purgeable|
+        purgeable.in_batches(of: 500) do |batch|
+          Occurrence.where(error_group_id: batch.select(:id)).delete_all
+          batch.delete_all
+        end
+      end
+    end
+  end
+end

data/app/models/rails_informant/application_record.rb

@@ -0,0 +1,5 @@
+module RailsInformant
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end