@sentry/warden 0.14.0 → 0.16.0

package/skills/warden-sweep/SKILL.md

@@ -1,6 +1,7 @@
 ---
 name: warden-sweep
 description: Full-repository code sweep. Scans every file with warden, verifies findings via deep tracing, creates draft PRs for validated issues. Use when asked to "sweep the repo", "scan everything", "find all bugs", "full codebase review", "batch code analysis", or run warden across the entire repository.
+disable-model-invocation: true
 ---
 
 # Warden Sweep
@@ -30,9 +31,17 @@ Fetches open warden-labeled PRs, builds file-to-PR dedup index, caches diffs for
 uv run ${CLAUDE_SKILL_ROOT}/scripts/index_prs.py <sweep-dir>
 ```
 
+### `scripts/create_issue.py`
+
+Creates a GitHub tracking issue summarizing sweep results. Run after verification, before patching.
+
+```bash
+uv run ${CLAUDE_SKILL_ROOT}/scripts/create_issue.py <sweep-dir>
+```
+
 ### `scripts/organize.py`
 
-Tags security findings, labels security PRs, updates finding reports with PR links, generates summary report, finalizes manifest.
+Tags security findings, labels security PRs, updates finding reports with PR links, posts final results to tracking issue, generates summary report, finalizes manifest.
 
 ```bash
 uv run ${CLAUDE_SKILL_ROOT}/scripts/organize.py <sweep-dir>
@@ -87,7 +96,7 @@ Parse the JSON stdout. Save `runId` and `sweepDir` for subsequent phases.
 ```
 ## Scan Complete
 
-Scanned **{filesScanned}** files, **{filesErrored}** errors.
+Scanned **{filesScanned}** files, **{filesTimedOut}** timed out, **{filesErrored}** errors.
 
 ### Findings ({totalFindings} total)
 
@@ -99,7 +108,7 @@ Scanned **{filesScanned}** files, **{filesErrored}** errors.
 
 Render every finding from the `findings` array. Bold severity for high and above.
 
-**On failure**: If exit code 1, show the error JSON and stop. If exit code 2, show the partial results and note which files errored.
+**On failure**: If exit code 1, show the error JSON and stop. If exit code 2, show the partial results. List timed-out files separately from errored files so users know which can be retried.
 
 ---
 
@@ -111,37 +120,11 @@ Deep-trace each finding using Task subagents to qualify or disqualify.
 
 Check if `data/verify/<finding-id>.json` already exists (incrementality). If it does, skip.
 
-Launch a Task subagent (`subagent_type: "general-purpose"`) for each finding. Process findings sequentially (one at a time) to keep output organized.
+Launch a Task subagent (`subagent_type: "general-purpose"`) for each finding. Process findings in parallel batches of up to 8 to improve throughput.
 
 **Task prompt for each finding:**
 
-```
-Verify a code analysis finding. Determine if this is a TRUE issue or a FALSE POSITIVE.
-Do NOT write or edit any files. Research only.
-
-## Finding
-- Title: ${TITLE}
-- Severity: ${SEVERITY} | Confidence: ${CONFIDENCE}
-- Skill: ${SKILL}
-- Location: ${FILE_PATH}:${START_LINE}-${END_LINE}
-- Description: ${DESCRIPTION}
-- Verification hint: ${VERIFICATION}
-
-## Instructions
-1. Read the file at the reported location. Examine at least 50 lines of surrounding context.
-2. Trace data flow to/from the flagged code using Grep/Glob.
-3. Check if the issue is mitigated elsewhere (guards, validation, try/catch upstream).
-4. Check if the issue is actually reachable in practice.
-
-Return your verdict as JSON:
-{
-  "findingId": "${FINDING_ID}",
-  "verdict": "verified" or "rejected",
-  "confidence": "high" or "medium" or "low",
-  "reasoning": "2-3 sentence explanation",
-  "traceNotes": "What code paths you examined"
-}
-```
+Read `${CLAUDE_SKILL_ROOT}/references/verify-prompt.md` for the prompt template. Substitute the finding's values into the `${...}` placeholders.
 
 **Process results:**
 
@@ -195,11 +178,37 @@ Update manifest: set `phases.verify` to `"complete"`.
 
 ---
 
-## Phase 3: Patch
+## Phase 3: Issue
 
-For each verified finding, create a worktree, fix the code, and open a draft PR.
+Create a tracking issue that ties all PRs together and gives reviewers a single overview.
 
-**Step 0: Index existing PRs** (1 tool call):
+**Run** (1 tool call):
+
+```bash
+uv run ${CLAUDE_SKILL_ROOT}/scripts/create_issue.py ${SWEEP_DIR}
+```
+
+Parse the JSON stdout. Save `issueUrl` and `issueNumber` for Phase 4.
+
+**Report** to user:
+
+```
+## Tracking Issue Created
+
+{issueUrl}
+```
+
+**On failure**: Show the error. Continue to Phase 4 (PRs can still be created without a tracking issue).
+
+---
+
+## Phase 4: Patch
+
+For each verified finding, create a worktree, fix the code, and open a draft PR. Process findings **sequentially** (one at a time) since parallel subagents cross-contaminate worktrees.
+
+**Severity triage**: Patch HIGH and above. For MEDIUM, only patch findings from bug-detection skills (e.g., `code-review`, `security-review`). Skip LOW and INFO findings.
+
+**Step 0: Setup** (run once before the loop):
 
 ```bash
 uv run ${CLAUDE_SKILL_ROOT}/scripts/index_prs.py ${SWEEP_DIR}
@@ -207,6 +216,13 @@ uv run ${CLAUDE_SKILL_ROOT}/scripts/index_prs.py ${SWEEP_DIR}
 
 Parse the JSON stdout. Use `fileIndex` for dedup checks.
 
+Determine the default branch and fetch latest so worktrees branch from current upstream:
+
+```bash
+DEFAULT_BRANCH=$(gh repo view --json defaultBranchRef --jq '.defaultBranchRef.name')
+git fetch origin "${DEFAULT_BRANCH}"
+```
+
 **For each finding in `data/verified.jsonl`:**
 
 Check if finding ID already exists in `data/patches.jsonl` (incrementality). If it does, skip.
@@ -224,47 +240,21 @@ Skip the finding only when there is both chunk overlap AND the PR addresses the
 ```bash
 BRANCH="warden-sweep/${RUN_ID}/${FINDING_ID}"
 WORKTREE="${SWEEP_DIR}/worktrees/${FINDING_ID}"
-git worktree add "${WORKTREE}" -b "${BRANCH}"
+git worktree add "${WORKTREE}" -b "${BRANCH}" "origin/${DEFAULT_BRANCH}"
 ```
 
-Each finding branches from the current HEAD to avoid merge conflicts between PRs.
+Each finding branches from the repo's default branch so PRs contain only the fix commit.
 
 **Step 2: Generate fix**
 
-Launch a Task subagent (`subagent_type: "general-purpose"`) to apply the fix in the worktree:
+Launch a Task subagent (`subagent_type: "general-purpose"`) to apply the fix in the worktree. Read `${CLAUDE_SKILL_ROOT}/references/patch-prompt.md` for the prompt template. Substitute the finding's values and worktree path into the `${...}` placeholders.
 
-```
-Fix a verified code issue and add test coverage. You are working in a git worktree at: ${WORKTREE}
+**Step 2b: Handle skipped findings**
 
-## Finding
-- Title: ${TITLE}
-- File: ${FILE_PATH}:${START_LINE}
-- Description: ${DESCRIPTION}
-- Verification: ${REASONING}
-- Suggested Fix: ${FIX_DESCRIPTION}
-```diff
-${FIX_DIFF}
-```
-
-## Instructions
-1. Read the file at the reported location (use the worktree path: ${WORKTREE}/${FILE_PATH}).
-2. Apply the suggested fix. If the diff doesn't apply cleanly, adapt it while preserving intent.
-3. Write or update tests that verify the fix:
-   - Follow existing test patterns (co-located files, same framework)
-   - At minimum, write a test that would have caught the original bug
-4. Only modify the fix target and its test file.
-5. Do NOT run tests locally. CI will validate the changes.
-6. Stage and commit with this exact message:
-
-fix: ${TITLE}
-
-Warden finding ${FINDING_ID}
-Severity: ${SEVERITY}
-
-Co-Authored-By: Warden <noreply@getsentry.com>
-
-Report what you changed: files modified, test files added/updated, any notes.
-```
+If the subagent returned `"status": "skipped"` (not `"applied"`), do NOT proceed to Steps 3-4. Instead:
+1. Record the finding in `data/patches.jsonl` with `"status": "error"` and `"error": "Subagent skipped: ${skipReason}"`
+2. Clean up the worktree
+3. Continue to the next finding
 
 **Step 3: Find reviewers**
 
@@ -275,8 +265,7 @@ uv run ${CLAUDE_SKILL_ROOT}/scripts/find_reviewers.py "${FILE_PATH}"
 **Step 4: Create draft PR**
 
 ```bash
-cd "${WORKTREE}"
-git push -u origin "${BRANCH}"
+cd "${WORKTREE}" && git push -u origin HEAD:"${BRANCH}"
 ```
 
 Create the PR with a 1-2 sentence "What" summary based on the finding and fix, followed by the finding description and verification reasoning:
@@ -298,6 +287,9 @@ ${REASONING}
 
 Automated fix for Warden finding ${FINDING_ID} (${SEVERITY}, detected by ${SKILL}).
 
+<!-- Only include the next line if Phase 3 succeeded and ISSUE_NUMBER is available -->
+Ref #${ISSUE_NUMBER}
+
 > This PR was auto-generated by a Warden Sweep (run ${RUN_ID}).
 > The finding has been validated through automated deep tracing,
 > but human confirmation is requested as this is batch work.
@@ -309,7 +301,7 @@ Save the PR URL.
 
 **Step 5: Record and cleanup**
 
-Append to `data/patches.jsonl`:
+Append to `data/patches.jsonl` (use `"created"` as status for successful PRs, not the subagent's `"applied"`):
 ```json
 {"findingId": "...", "prUrl": "https://...", "branch": "...", "reviewers": ["user1", "user2"], "filesChanged": ["..."], "status": "created|existing|error"}
 ```
@@ -340,7 +332,7 @@ Update manifest: set `phases.patch` to `"complete"`.
 
 ---
 
-## Phase 4: Organize
+## Phase 5: Organize
 
 **Run** (1 tool call):
 
@@ -376,8 +368,9 @@ Each phase is incremental. To resume from where you left off:
 1. Check `data/manifest.json` to see which phases are complete
 2. For scan: pass `--sweep-dir` to `scan.py`
 3. For verify: existing `data/verify/<id>.json` files are skipped
-4. For patch: existing entries in `data/patches.jsonl` are skipped
-5. For organize: safe to re-run (idempotent)
+4. For issue: `create_issue.py` is idempotent (skips if `issueUrl` in manifest)
+5. For patch: existing entries in `data/patches.jsonl` are skipped
+6. For organize: safe to re-run (idempotent)
 
 ## Output Directory Structure
 

package/skills/warden-sweep/references/patch-prompt.md

@@ -0,0 +1,72 @@
+Fix a verified code issue. You are working in a git worktree at: ${WORKTREE}
+
+## Finding
+- Title: ${TITLE}
+- File: ${FILE_PATH}:${START_LINE}
+- Description: ${DESCRIPTION}
+- Verification: ${REASONING}
+- Suggested Fix: ${FIX_DESCRIPTION}
+```diff
+${FIX_DIFF}
+```
+
+## Instructions
+
+### Step 1: Understand the code
+Read the file at ${WORKTREE}/${FILE_PATH}. Read at least 50 lines above and below the reported location. Trace callers and callees of the affected code using Grep/Glob to understand how it is used. Do NOT skip this step.
+
+### Step 2: Apply a minimal fix
+Apply the smallest change that addresses the finding. If the suggested diff doesn't apply cleanly, adapt it while preserving intent. Do NOT refactor surrounding code, rename variables, add comments, or make any change beyond what the finding requires.
+
+### Step 3: Write tests
+Write or update tests that verify the fix:
+- Follow existing test patterns (co-located files, same framework)
+- At minimum, write a test that would have caught the original bug
+- Test the specific edge case, not just the happy path
+
+Only modify the fix target and its test file.
+
+### Step 4: Self-review
+Before staging, run `git diff` in the worktree and review every changed line. Verify:
+1. The change addresses the specific finding described, not something else
+2. No unrelated code was modified (no drive-by cleanups, no formatting changes)
+3. Trace through changed code paths: does the fix introduce any new bug, null reference, type error, or broken import?
+4. Tests exercise the fix (the failure case), not just that the code runs
+
+If ANY check fails, fix the problem before proceeding. If the suggested fix is wrong or would introduce a regression you cannot resolve, do NOT commit. Instead, skip to the output step and report why.
+
+### Step 5: Commit
+Do NOT run tests locally. CI will validate the changes.
+
+Stage and commit with this exact message:
+
+fix: ${TITLE}
+
+Warden finding ${FINDING_ID}
+Severity: ${SEVERITY}
+
+Co-Authored-By: Warden <noreply@getsentry.com>
+
+### Step 6: Output
+Return ONLY valid JSON (no surrounding text). Use `"status": "applied"` if you committed a fix, or `"status": "skipped"` if you did not.
+
+```json
+{
+  "status": "applied",
+  "filesChanged": ["src/example.ts"],
+  "testFilesChanged": ["src/example.test.ts"],
+  "selfReview": "Verified the fix addresses the null check and test covers the failure case",
+  "skipReason": null
+}
+```
+
+When skipping:
+```json
+{
+  "status": "skipped",
+  "filesChanged": [],
+  "testFilesChanged": [],
+  "selfReview": null,
+  "skipReason": "The suggested fix would introduce a regression in the error handling path"
+}
+```

package/skills/warden-sweep/references/verify-prompt.md

@@ -0,0 +1,25 @@
+Verify a code analysis finding. Determine if this is a TRUE issue or a FALSE POSITIVE.
+Do NOT write or edit any files. Research only.
+
+## Finding
+- Title: ${TITLE}
+- Severity: ${SEVERITY} | Confidence: ${CONFIDENCE}
+- Skill: ${SKILL}
+- Location: ${FILE_PATH}:${START_LINE}-${END_LINE}
+- Description: ${DESCRIPTION}
+- Verification hint: ${VERIFICATION}
+
+## Instructions
+1. Read the file at the reported location. Examine at least 50 lines of surrounding context.
+2. Trace data flow to/from the flagged code using Grep/Glob.
+3. Check if the issue is mitigated elsewhere (guards, validation, try/catch upstream).
+4. Check if the issue is actually reachable in practice.
+
+Return your verdict as JSON:
+{
+  "findingId": "${FINDING_ID}",
+  "verdict": "verified" or "rejected",
+  "confidence": "high" or "medium" or "low",
+  "reasoning": "2-3 sentence explanation",
+  "traceNotes": "What code paths you examined"
+}

package/skills/warden-sweep/scripts/_utils.py

@@ -20,6 +20,35 @@ def run_cmd(
     )
 
 
+def run_cmd_stdout(
+    args: list[str], timeout: int = 30, cwd: str | None = None
+) -> str | None:
+    """Run a command and return stripped stdout, or None on failure."""
+    try:
+        result = run_cmd(args, timeout=timeout, cwd=cwd)
+        return result.stdout.strip() if result.returncode == 0 else None
+    except (subprocess.TimeoutExpired, FileNotFoundError):
+        return None
+
+
+def read_json(path: str) -> dict[str, Any] | None:
+    """Read a JSON file and return parsed object, or None on failure."""
+    if not os.path.exists(path):
+        return None
+    try:
+        with open(path) as f:
+            return json.load(f)
+    except (json.JSONDecodeError, OSError):
+        return None
+
+
+def write_json(path: str, data: dict[str, Any]) -> None:
+    """Write a dict to a JSON file with trailing newline."""
+    with open(path, "w") as f:
+        json.dump(data, f, indent=2)
+        f.write("\n")
+
+
 def read_jsonl(path: str) -> list[dict[str, Any]]:
     """Read a JSONL file and return list of parsed objects."""
     entries: list[dict[str, Any]] = []
@@ -35,3 +64,36 @@ def read_jsonl(path: str) -> list[dict[str, Any]]:
             except json.JSONDecodeError:
                 continue
     return entries
+
+
+def severity_badge(severity: str) -> str:
+    """Return a markdown-friendly severity indicator."""
+    badges = {
+        "critical": "**CRITICAL**",
+        "high": "**HIGH**",
+        "medium": "MEDIUM",
+        "low": "LOW",
+        "info": "info",
+    }
+    return badges.get(severity, severity)
+
+
+def pr_number_from_url(pr_url: str) -> str:
+    """Extract the PR or issue number from a GitHub URL's last path segment."""
+    return pr_url.rstrip("/").split("/")[-1]
+
+
+def ensure_github_label(name: str, color: str, description: str) -> None:
+    """Create a GitHub label if it doesn't exist (idempotent)."""
+    try:
+        subprocess.run(
+            [
+                "gh", "label", "create", name,
+                "--color", color,
+                "--description", description,
+            ],
+            capture_output=True,
+            timeout=15,
+        )
+    except (subprocess.TimeoutExpired, FileNotFoundError):
+        pass

package/skills/warden-sweep/scripts/create_issue.py

@@ -0,0 +1,189 @@
+#!/usr/bin/env python3
+# /// script
+# requires-python = ">=3.9"
+# ///
+"""
+Warden Sweep: Create tracking issue.
+
+Creates a GitHub issue summarizing the sweep results after verification
+but before patching. Gives every PR a parent to reference and gives
+reviewers a single place to see the full picture.
+
+Usage:
+    uv run create_issue.py <sweep-dir>
+
+Stdout: JSON with issueUrl and issueNumber
+Stderr: Progress lines
+
+Idempotent: if issueUrl already exists in manifest, skips creation.
+"""
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import subprocess
+import sys
+from typing import Any
+
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+from _utils import (  # noqa: E402
+    ensure_github_label,
+    pr_number_from_url,
+    read_json,
+    read_jsonl,
+    severity_badge,
+    write_json,
+)
+
+
+def build_issue_body(
+    run_id: str,
+    scan_index: list[dict[str, Any]],
+    all_findings: list[dict[str, Any]],
+    verified: list[dict[str, Any]],
+    rejected: list[dict[str, Any]],
+) -> str:
+    """Build the GitHub issue body markdown."""
+    files_scanned = sum(1 for e in scan_index if e.get("status") == "complete")
+    files_timed_out = sum(
+        1 for e in scan_index
+        if e.get("status") == "error" and e.get("error") == "timeout"
+    )
+    files_errored = sum(
+        1 for e in scan_index
+        if e.get("status") == "error" and e.get("error") != "timeout"
+    )
+
+    # Collect unique skills from scan index
+    skills: set[str] = set()
+    for entry in scan_index:
+        for skill in entry.get("skills", []):
+            skills.add(skill)
+
+    lines = [
+        f"## Warden Sweep `{run_id}`",
+        "",
+        "| Metric | Count |",
+        "|--------|-------|",
+        f"| Files scanned | {files_scanned} |",
+        f"| Files timed out | {files_timed_out} |",
+        f"| Files errored | {files_errored} |",
+        f"| Total findings | {len(all_findings)} |",
+        f"| Verified | {len(verified)} |",
+        f"| Rejected | {len(rejected)} |",
+        "",
+    ]
+
+    if verified:
+        lines.append("### Verified Findings")
+        lines.append("")
+        lines.append("| Severity | Skill | File | Title |")
+        lines.append("|----------|-------|------|-------|")
+        for f in verified:
+            sev = severity_badge(f.get("severity", "info"))
+            skill = f.get("skill", "")
+            file_path = f.get("file", "")
+            start_line = f.get("startLine")
+            location = f"{file_path}:{start_line}" if start_line else file_path
+            title = f.get("title", "")
+            lines.append(f"| {sev} | {skill} | `{location}` | {title} |")
+        lines.append("")
+
+    if skills:
+        lines.append("### Skills Run")
+        lines.append("")
+        lines.append(", ".join(sorted(skills)))
+        lines.append("")
+
+    lines.append("> Generated by Warden Sweep. PRs referencing this issue will appear below.")
+
+    return "\n".join(lines) + "\n"
+
+
+def create_github_issue(title: str, body: str) -> dict[str, Any]:
+    """Create a GitHub issue with the warden label. Returns issueUrl and issueNumber."""
+    ensure_github_label("warden", "5319E7", "Automated fix from Warden Sweep")
+
+    result = subprocess.run(
+        [
+            "gh", "issue", "create",
+            "--label", "warden",
+            "--title", title,
+            "--body", body,
+        ],
+        capture_output=True,
+        text=True,
+        timeout=30,
+    )
+
+    if result.returncode != 0:
+        raise RuntimeError(f"gh issue create failed: {result.stderr.strip()}")
+
+    issue_url = result.stdout.strip()
+    try:
+        issue_number = int(pr_number_from_url(issue_url))
+    except (ValueError, IndexError):
+        raise RuntimeError(f"Could not parse issue number from gh output: {issue_url}")
+
+    return {"issueUrl": issue_url, "issueNumber": issue_number}
+
+
+def main() -> None:
+    parser = argparse.ArgumentParser(
+        description="Warden Sweep: Create tracking issue"
+    )
+    parser.add_argument("sweep_dir", help="Path to the sweep directory")
+    args = parser.parse_args()
+
+    sweep_dir = args.sweep_dir
+    data_dir = os.path.join(sweep_dir, "data")
+    manifest_path = os.path.join(data_dir, "manifest.json")
+
+    if not os.path.isdir(sweep_dir):
+        print(
+            json.dumps({"error": f"Sweep directory not found: {sweep_dir}"}),
+            file=sys.stdout,
+        )
+        sys.exit(1)
+
+    manifest = read_json(manifest_path) or {}
+
+    # Idempotency: if issue already exists, return existing values
+    if manifest.get("issueUrl"):
+        output = {
+            "issueUrl": manifest["issueUrl"],
+            "issueNumber": manifest.get("issueNumber", 0),
+        }
+        print(json.dumps(output))
+        return
+
+    run_id = manifest.get("runId", "unknown")
+
+    # Read sweep data
+    scan_index = read_jsonl(os.path.join(data_dir, "scan-index.jsonl"))
+    all_findings = read_jsonl(os.path.join(data_dir, "all-findings.jsonl"))
+    verified = read_jsonl(os.path.join(data_dir, "verified.jsonl"))
+    rejected = read_jsonl(os.path.join(data_dir, "rejected.jsonl"))
+
+    files_scanned = sum(1 for e in scan_index if e.get("status") == "complete")
+
+    # Build issue
+    title = f"Warden Sweep {run_id}: {len(verified)} findings across {files_scanned} files"
+    body = build_issue_body(run_id, scan_index, all_findings, verified, rejected)
+
+    print("Creating tracking issue...", file=sys.stderr)
+    result = create_github_issue(title, body)
+    print(f"Created issue: {result['issueUrl']}", file=sys.stderr)
+
+    # Write issueUrl and issueNumber to manifest
+    manifest["issueUrl"] = result["issueUrl"]
+    manifest["issueNumber"] = result["issueNumber"]
+    manifest.setdefault("phases", {})["issue"] = "complete"
+    write_json(manifest_path, manifest)
+
+    print(json.dumps(result))
+
+
+if __name__ == "__main__":
+    main()

package/skills/warden-sweep/scripts/find_reviewers.py

@@ -20,22 +20,11 @@ from __future__ import annotations
 
 import argparse
 import json
-import subprocess
+import os
 import sys
 
-
-def run_cmd(args: list[str], timeout: int = 30) -> str | None:
-    """Run a command and return stdout, or None on failure."""
-    try:
-        result = subprocess.run(
-            args,
-            capture_output=True,
-            text=True,
-            timeout=timeout,
-        )
-        return result.stdout.strip() if result.returncode == 0 else None
-    except (subprocess.TimeoutExpired, FileNotFoundError):
-        return None
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+from _utils import run_cmd_stdout as run_cmd  # noqa: E402
 
 
 def get_top_authors(file_path: str, count: int = 2) -> list[str]:
@@ -86,6 +75,12 @@ def email_to_github_username(email: str) -> str | None:
     return output if output else None
 
 
+def get_current_github_user() -> str | None:
+    """Get the currently authenticated GitHub username."""
+    output = run_cmd(["gh", "api", "/user", "--jq", ".login"])
+    return output if output else None
+
+
 def main():
     parser = argparse.ArgumentParser(
         description="Find top git contributors for PR reviewer assignment"
@@ -97,7 +92,11 @@ def main():
     )
     args = parser.parse_args()
 
-    emails = get_top_authors(args.file_path, args.count)
+    current_user = get_current_github_user()
+
+    # Request extra candidates to compensate for self-exclusion
+    fetch_count = args.count + 1 if current_user else args.count
+    emails = get_top_authors(args.file_path, fetch_count)
     if not emails:
         print(json.dumps({"reviewers": [], "note": "No recent authors found"}))
         return
@@ -105,10 +104,10 @@ def main():
     reviewers: list[str] = []
     for email in emails:
         username = email_to_github_username(email)
-        if username:
+        if username and username != current_user:
             reviewers.append(username)
 
-    print(json.dumps({"reviewers": reviewers}))
+    print(json.dumps({"reviewers": reviewers[:args.count]}))
 
 
 if __name__ == "__main__":