ci-triage 0.2.0 → 0.3.1

package/CHANGELOG.md

@@ -0,0 +1,42 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.2.0] - 2026-02-25
+
+### Added
+
+- Provider abstraction: GitHub Actions, GitLab CI, CircleCI with auto-detection
+- SQLite flake store at `~/.ci-triage/flake.db` for persistent cross-session test history
+- `ci-triage flakes owner/repo` to list known flaky tests with fail/pass stats
+- `ci-triage db prune [--days 90]` to remove old runs from local DB
+- LLM root-cause analysis via OpenAI Responses API (`gpt-4.1-mini` default), gated on `OPENAI_API_KEY` or `--llm`
+- Graceful LLM fallback to heuristic analysis with explicit `fallback_reason` in output
+- LLM token usage and estimated cost logging per run
+- `--provider github|gitlab|circleci` flag for explicit provider selection
+- `--llm` and `--llm-model` flags
+- `--version` flag
+- `analysis` block in JSON output schema (`mode`, `provider`, `model`, `root_cause`, `fix_suggestions`, `llm.usage`)
+- `action.yml` inputs: `llm`, `openai-api-key`, `llm-model`, `provider`
+
+### Changed
+
+- Actionable error messages when `gh` CLI is missing or unauthenticated
+- README fully rewritten for v0.2
+
+## [0.1.0] - 2026-02-22
+
+### Added
+
+- Initial release
+- GitHub Actions log parsing with 16 failure categories
+- Flake detection (in-memory, single-run)
+- JUnit XML support
+- Structured JSON output schema
+- MCP server with 4 tools (`triage_run`, `list_failures`, `is_flaky`, `suggest_fix`)
+- GitHub Action (`action.yml`) with PR comment and artifact upload

package/README.md

@@ -2,27 +2,39 @@
 
 Open-source CI failure triage for humans and agents. Parses CI logs, classifies failures, detects flaky tests, and outputs structured JSON — with an MCP server for coding agents.
 
+**v0.2** adds LLM root-cause analysis, a persistent SQLite flake database, and multi-CI support (GitHub, GitLab, CircleCI).
+
 ## Why
 
 When CI fails, everyone does the same dance: open the run, scroll logs, squint at errors. Coding agents have it worse — they can't scroll. **ci-triage** gives both humans and agents structured, queryable failure data.
 
 ## Features
 
-- 🔍 **Smart log parsing** — extracts errors, file:line references, stack traces from GitHub Actions logs
+- 🔍 **Smart log parsing** — extracts errors, file:line references, stack traces
 - 🏷️ **Failure classification** — 16 categories with severity levels and confidence scores
-- 🧪 **Flake detection** — compares against run history to distinguish flaky from real failures
+- 🧪 **Flake detection** — in-memory (single run) + SQLite persistent history across runs
+- 🤖 **LLM root-cause analysis** — OpenAI Responses API, gated on `OPENAI_API_KEY`, graceful fallback
+- 🌐 **Multi-CI** — GitHub Actions, GitLab CI, CircleCI, with auto-detection
 - 📋 **JUnit XML support** — parses standard test result files
 - 📊 **Structured JSON output** — agent-consumable schema with full failure context
-- 🤖 **MCP server** — coding agents (Codex, Claude Code) can query failures programmatically
-- 🔧 **GitHub Action** — drop into any workflow with PR comments and artifacts
+- 🔧 **MCP server** — coding agents (Codex, Claude Code) can query failures programmatically
+- ⚙️ **GitHub Action** — drop into any workflow with PR comments and artifacts
 
 ## Quick Start
 
 ### CLI
+
 ```bash
-# Install
+# Install globally
 npm install -g ci-triage
 
+# Or use without installing
+npx ci-triage owner/repo
+```
+
+#### Basic usage
+
+```bash
 # Triage the most recent failed run
 ci-triage owner/repo
 
@@ -36,7 +48,38 @@ ci-triage owner/repo --run 12345
 ci-triage owner/repo --md triage.md
 ```
 
+#### v0.2 flags
+
+```bash
+# LLM root-cause analysis (requires OPENAI_API_KEY)
+ci-triage owner/repo --llm
+
+# Override LLM model (default: gpt-4.1-mini)
+ci-triage owner/repo --llm --llm-model gpt-4o-mini
+
+# Force a specific CI provider
+ci-triage owner/repo --provider gitlab
+ci-triage owner/repo --provider circleci
+
+# Show flaky tests from persistent history
+ci-triage flakes owner/repo
+
+# Print version
+ci-triage --version
+```
+
+#### Multi-CI provider setup
+
+| Provider | Token env var | Auto-detected by |
+|----------|--------------|-----------------|
+| GitHub Actions | `gh auth login` (uses `gh` CLI) | default |
+| GitLab CI | `GITLAB_TOKEN` | `.gitlab-ci.yml` in cwd |
+| CircleCI | `CIRCLE_TOKEN` | `.circleci/` in cwd |
+
+Auto-detection runs at startup — pass `--provider` to override.
+
 ### GitHub Action
+
 ```yaml
 - uses: clankamode/ci-triage@v1
   with:
@@ -68,6 +111,42 @@ claude mcp add ci-triage npx -y ci-triage --mcp
 | `is_flaky` | Flake history for a specific test |
 | `suggest_fix` | Fix suggestions for failures |
 
+## SQLite Flake Database
+
+ci-triage persists run outcomes to `~/.ci-triage/flake.db`. Over time, this builds a cross-session history of test pass/fail patterns, making flake detection much more accurate than single-run heuristics.
+
+```bash
+# After a few triage runs, list known flaky tests
+ci-triage flakes owner/repo
+
+# Output:
+# Test Name                                               Fails  Passes   Ratio Last Seen
+# ─────────────────────────────────────────────────────────────────────────────────────
+# integration::auth::test_token_refresh                       3       7   30.0% 2026-02-25
+# e2e::dashboard::renders_on_slow_network                     2       5   28.6% 2026-02-24
+```
+
+## LLM Root-Cause Analysis
+
+When `OPENAI_API_KEY` is set (or `--llm` is passed), ci-triage calls OpenAI Responses API to produce a human-readable root cause and fix suggestions:
+
+```bash
+OPENAI_API_KEY=sk-... ci-triage owner/repo --llm
+
+# ── LLM Root-Cause Analysis ─────────────────────────────
+# Model: gpt-4.1-mini (openai)
+# Root Cause: The auth token refresh test fails intermittently due to a race
+#             condition in the mock clock setup.
+# Fix Suggestions:
+#   • Use vi.useFakeTimers() with explicit tick advancement
+#   • Add a 50ms buffer after token expiry before asserting refresh
+#   • Consider extracting token timing into a testable utility
+# Tokens: 1240 in / 187 out — est. $0.0008
+# ─────────────────────────────────────────────────────────
+```
+
+If LLM is unavailable, ci-triage falls back to heuristic suggestions silently. The JSON output includes `analysis.mode` to distinguish.
+
 ## Output Schema
 
 ```json
@@ -100,6 +179,20 @@ claude mcp add ci-triage npx -y ci-triage --mcp
     "flaky_count": 1,
     "real_count": 0,
     "root_cause": "Flaky assertion in Foo.validate"
+  },
+  "analysis": {
+    "mode": "llm",
+    "provider": "openai",
+    "model": "gpt-4.1-mini",
+    "root_cause": "Race condition in mock clock setup",
+    "fix_suggestions": ["Use vi.useFakeTimers() with explicit tick advancement"],
+    "llm": {
+      "usage": {
+        "input_tokens": 1240,
+        "output_tokens": 187,
+        "estimated_cost_usd": 0.0008
+      }
+    }
   }
 }
 ```

package/action.yml

@@ -1,5 +1,5 @@
 name: "CI Triage"
-description: "Automated CI failure triage with flake detection"
+description: "Automated CI failure triage with flake detection, LLM analysis, and multi-CI support"
 inputs:
   token:
     description: "GitHub token for API access"
@@ -20,6 +20,22 @@ inputs:
     description: "Number of historical runs to inspect"
     required: false
     default: "20"
+  llm:
+    description: "Enable LLM root-cause analysis (requires openai-api-key)"
+    required: false
+    default: "false"
+  openai-api-key:
+    description: "OpenAI API key for LLM analysis"
+    required: false
+    default: ""
+  llm-model:
+    description: "LLM model to use (default: gpt-4.1-mini)"
+    required: false
+    default: "gpt-4.1-mini"
+  provider:
+    description: "CI provider override: github | gitlab | circleci (default: auto-detect)"
+    required: false
+    default: ""
 outputs:
   report-json:
     description: "Raw triage report JSON string"
@@ -57,6 +73,10 @@ runs:
         CI_TRIAGE_COMMENT: ${{ inputs.comment }}
         CI_TRIAGE_JSON_ARTIFACT: ${{ inputs.json-artifact }}
         CI_TRIAGE_HISTORY_DEPTH: ${{ inputs.history-depth }}
+        CI_TRIAGE_LLM: ${{ inputs.llm }}
+        CI_TRIAGE_LLM_MODEL: ${{ inputs.llm-model }}
+        CI_TRIAGE_PROVIDER: ${{ inputs.provider }}
+        OPENAI_API_KEY: ${{ inputs.openai-api-key }}
       run: node dist/action.js
 
     - name: Upload triage JSON artifact

package/dist/action.js

@@ -1,58 +1,18 @@
-import { execFileSync } from 'node:child_process';
 import { appendFileSync } from 'node:fs';
+import { classify } from './classifier.js';
 import { formatComment } from './comment.js';
+import { analyzeLlm } from './llm-analyzer.js';
+import { parseFailures } from './parser.js';
+import { getProvider } from './providers/index.js';
+import { buildJsonReport } from './reporter.js';
+import { persistRun } from './flake-store.js';
 import { getPRForRun, postOrUpdateComment, uploadArtifact } from './github.js';
 function parseBool(value, defaultValue) {
     if (!value)
         return defaultValue;
     return value.toLowerCase() === 'true';
 }
-function flattenFailures(job) {
-    if (job.failures)
-        return job.failures;
-    const out = [];
-    for (const step of job.steps ?? []) {
-        for (const failure of step.failures ?? []) {
-            out.push(failure);
-        }
-    }
-    return out;
-}
-function asReport(raw, repo, runId) {
-    if (raw && typeof raw === 'object' && 'summary' in raw && 'jobs' in raw && 'status' in raw) {
-        return raw;
-    }
-    const rows = Array.isArray(raw) ? raw : [];
-    const jobs = rows.map((row, idx) => ({
-        name: row.workflowName ?? `failed-job-${idx + 1}`,
-        status: 'failed',
-        failures: [
-            {
-                test_name: row.displayTitle ?? 'Unknown failure',
-                error: row.cause ?? 'Unknown cause',
-                suggested_fix: row.fix,
-            },
-        ],
-    }));
-    const total = jobs.reduce((acc, job) => acc + flattenFailures(job).length, 0);
-    return {
-        version: '1.0',
-        repo,
-        run_id: runId,
-        timestamp: new Date().toISOString(),
-        status: total > 0 ? 'fail' : 'pass',
-        jobs,
-        summary: {
-            total_failures: total,
-            flaky_count: 0,
-            real_count: total,
-            categories: {},
-            root_cause: total > 0 ? 'See failed job sections for causes.' : 'No failures detected.',
-            action: total > 0 ? 'fix' : 'none',
-        },
-    };
-}
-function main() {
+async function main() {
     const token = process.env.INPUT_TOKEN;
     const repo = process.env.GITHUB_REPOSITORY;
     const runIdRaw = process.env.GITHUB_RUN_ID;
@@ -63,25 +23,76 @@ function main() {
         throw new Error('Missing GITHUB_REPOSITORY');
     if (!outputPath)
         throw new Error('Missing GITHUB_OUTPUT');
-    const flakeDetect = parseBool(process.env.CI_TRIAGE_FLAKE_DETECT, true);
     const shouldComment = parseBool(process.env.CI_TRIAGE_COMMENT, true);
     const shouldUploadArtifact = parseBool(process.env.CI_TRIAGE_JSON_ARTIFACT, true);
-    const historyDepth = Number(process.env.CI_TRIAGE_HISTORY_DEPTH ?? '20');
-    const runId = runIdRaw ? Number(runIdRaw) : undefined;
-    const triageArgs = ['dist/index.js', repo, '--json'];
-    if (flakeDetect) {
-        triageArgs.push('--flake-detect', '--history', String(historyDepth));
+    const providerOverride = process.env.CI_TRIAGE_PROVIDER;
+    const llmEnabledByEnv = parseBool(process.env.CI_TRIAGE_LLM, false);
+    const llmModel = process.env.CI_TRIAGE_LLM_MODEL?.trim() || 'gpt-4.1-mini';
+    const runId = runIdRaw && /^\d+$/.test(runIdRaw) ? Number(runIdRaw) : undefined;
+    process.env.GH_TOKEN = token;
+    process.env.GITHUB_TOKEN = token;
+    const provider = getProvider(providerOverride);
+    const canHandle = await provider.canHandle(repo);
+    if (!canHandle) {
+        throw new Error(`Provider "${provider.name}" cannot handle repo "${repo}" in this environment.`);
     }
-    const rawJson = execFileSync('node', triageArgs, {
-        encoding: 'utf8',
-        env: {
-            ...process.env,
-            GH_TOKEN: token,
-            GITHUB_TOKEN: token,
+    const requestedRunId = runIdRaw ? (runId ? runId : runIdRaw) : undefined;
+    const run = await provider.resolveRun(repo, requestedRunId);
+    const [logBundle, metadata] = await Promise.all([
+        provider.fetchLogs({ provider: provider.name, repo, runId: run.id }),
+        provider.fetchMetadata({ provider: provider.name, repo, runId: run.id }),
+    ]);
+    const rawLog = logBundle.combined;
+    const failures = parseFailures(rawLog);
+    const classified = failures.map((failure) => ({
+        ...failure,
+        classification: classify(failure),
+    }));
+    const runInfo = {
+        databaseId: Number(run.id) || 0,
+        displayTitle: run.displayTitle,
+        workflowName: run.workflowName,
+        conclusion: run.conclusion,
+        url: run.url,
+    };
+    const report = buildJsonReport({
+        repo,
+        run: runInfo,
+        failures: classified,
+        metadata: {
+            headSha: metadata.headSha,
+            headBranch: metadata.headBranch,
+            event: metadata.event,
         },
-    }).trim();
-    const rawReport = rawJson ? JSON.parse(rawJson) : [];
-    const report = asReport(rawReport, repo, runId);
+    });
+    const llmEnabled = llmEnabledByEnv || !!process.env.OPENAI_API_KEY;
+    if (llmEnabled) {
+        const failureEntries = classified.map((f) => ({
+            type: f.classification?.type ?? 'unknown',
+            error: f.error,
+            stack: f.stack?.join('\n'),
+            category: f.classification?.category ?? 'unknown',
+            severity: f.classification?.severity ?? 'low',
+            suggested_fix: f.classification?.suggestedFix ?? '',
+            flaky: { is_flaky: false, confidence: 0, pass_rate_7d: 1, last_5_runs: [] },
+        }));
+        report.analysis = await analyzeLlm(failureEntries, rawLog, {
+            model: llmModel,
+            enabled: llmEnabled,
+        });
+    }
+    try {
+        const testMap = {};
+        for (const failure of classified) {
+            if (failure.stepName) {
+                testMap[failure.stepName] = 'fail';
+            }
+        }
+        persistRun(repo, String(run.id), new Date().toISOString(), testMap);
+    }
+    catch {
+        // non-fatal
+    }
     const reportJson = JSON.stringify(report);
     const failureCount = String(report.summary.total_failures);
     const status = report.status === 'failed' ? 'fail' : report.status;
@@ -101,4 +112,8 @@ function main() {
     appendFileSync(outputPath, `failure-count=${failureCount}\n`);
     appendFileSync(outputPath, `artifact-path=${artifactPath}\n`);
 }
-main();
+main().catch((err) => {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(message);
+    process.exit(1);
+});

package/dist/classifier.js

@@ -39,6 +39,47 @@ const RULES = [
         suggestedFix: 'Inspect failing expectations and fix logic or stabilize flaky assertions.',
         patterns: [/\b(?:assertionerror|assertion failed|expected .* but received|\bFAIL\b.*\.(?:test|spec)\.)\b/i],
     },
+    {
+        category: 'http_error',
+        severity: 'high',
+        type: 'external_service',
+        cause: 'HTTP request failed with non-success status',
+        suggestedFix: 'Check endpoint/auth configuration and add retries/backoff for transient failures.',
+        patterns: [/\b(?:http\s*(?:403|404|5\d{2})|403 forbidden|404 not found)\b/i],
+    },
+    {
+        category: 'infra_config',
+        severity: 'high',
+        type: 'configuration_error',
+        cause: 'CI infrastructure or workflow configuration error',
+        suggestedFix: 'Fix workflow/config settings for Actions, Pages, or CodeQL before rerunning.',
+        patterns: [
+            /\b(?:configuration error.*(?:codeql|code[- ]scanning)|codeql.*configuration error)\b/i,
+            /\b(?:error:\s*get pages site failed|httperror:\s*not found.*pages?)\b/i,
+        ],
+    },
+    {
+        category: 'file_conflict',
+        severity: 'medium',
+        type: 'build_error',
+        cause: 'Input/output path conflict',
+        suggestedFix: 'Use distinct input and output paths and avoid in-place writes for copied artifacts.',
+        patterns: [/\b(?:input file is output file|is the same file)\b/i],
+    },
+    {
+        category: 'script_error',
+        severity: 'high',
+        type: 'runtime_error',
+        cause: 'Shell script or command execution failure',
+        suggestedFix: 'Validate shell commands, dependencies, and script paths in the failing step.',
+        patterns: [
+            /^.+:\s*line\s+\d+:\s*.+$/im,
+            /\bcommand not found\b/i,
+            /\bError:\s*Process completed with exit code\s+[1-9]\d*\b/i,
+            /\b(?:bash|sh|zsh):\s*.+\b(?:permission denied|no such file or directory)\b/i,
+            /\bnpm ERR!\b/i,
+        ],
+    },
     {
         category: 'docker_error',
         severity: 'high',
@@ -131,6 +172,33 @@ function confidenceFromMatch(failure, patternHits) {
     }
     return Number(Math.min(0.99, score).toFixed(2));
 }
+export function fixActionForCategory(category, context) {
+    const haystack = context.toLowerCase();
+    if (category === 'http_error') {
+        if (/\b404\b|not found/.test(haystack)) {
+            if (/\bfeature\b|disabled|not enabled|enable/.test(haystack)) {
+                return 'enable-feature';
+            }
+            return 'rename-ref';
+        }
+        return 'unknown';
+    }
+    if (category === 'missing_env')
+        return 'add-env-var';
+    if (category === 'file_conflict' || category === 'script_error')
+        return 'fix-script';
+    if (category === 'dependency_security')
+        return 'update-dependency';
+    if (category === 'timeout')
+        return 'retry';
+    if (category === 'infra_config') {
+        if (/\bworkflow\b.*\bnot found\b|\bdelete workflow\b|does not exist/.test(haystack)) {
+            return 'delete-workflow';
+        }
+        return 'update-config';
+    }
+    return 'unknown';
+}
 export function classify(failure) {
     const haystack = [failure.error, ...failure.stack, ...failure.rawLines].join('\n');
     for (const rule of RULES) {
@@ -143,6 +211,7 @@ export function classify(failure) {
                 cause: rule.cause,
                 suggestedFix: rule.suggestedFix,
                 type: rule.type,
+                fixAction: fixActionForCategory(rule.category, haystack),
             };
         }
     }
@@ -153,5 +222,6 @@ export function classify(failure) {
         cause: 'Unknown (manual triage needed)',
         suggestedFix: 'Open failed logs and inspect the first failing step in detail.',
         type: 'unknown_failure',
+        fixAction: 'unknown',
     };
 }

package/dist/flake-store.js

@@ -1,5 +1,5 @@
 import Database from 'better-sqlite3';
-import { mkdirSync } from 'node:fs';
+import { mkdirSync, statSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { join } from 'node:path';
 let _db = null;
@@ -32,9 +32,21 @@ function bootstrap(db) {
       FOREIGN KEY (run_id) REFERENCES runs(id)
     );
 
+    CREATE TABLE IF NOT EXISTS remediations (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      repo TEXT NOT NULL,
+      run_id TEXT NOT NULL,
+      fix_action TEXT NOT NULL,
+      description TEXT NOT NULL,
+      resolved_at TEXT NOT NULL,
+      resolved_commit TEXT,
+      verified_clean_run_id TEXT
+    );
+
     CREATE INDEX IF NOT EXISTS idx_runs_repo ON runs(repo);
     CREATE INDEX IF NOT EXISTS idx_test_results_run_id ON test_results(run_id);
     CREATE INDEX IF NOT EXISTS idx_test_results_test_name ON test_results(test_name);
+    CREATE INDEX IF NOT EXISTS idx_remediations_repo ON remediations(repo);
   `);
 }
 /** Persist a run and its test outcomes. */
@@ -97,6 +109,99 @@ export function isFlakySqlite(repo, testName) {
     const is_flaky = row.fail_count > 0 && row.pass_count > 0;
     return { is_flaky, fail_count: row.fail_count, pass_count: row.pass_count, flake_ratio };
 }
+/** Remove runs older than `daysOld` days. Returns number of runs deleted. */
+export function pruneRuns(daysOld = 90) {
+    const db = getDb();
+    const cutoff = new Date(Date.now() - daysOld * 24 * 60 * 60 * 1000).toISOString();
+    // Delete test_results for old runs first (FK constraint)
+    db.prepare(`
+    DELETE FROM test_results
+    WHERE run_id IN (SELECT id FROM runs WHERE created_at < ?)
+  `).run(cutoff);
+    const result = db.prepare('DELETE FROM runs WHERE created_at < ?').run(cutoff);
+    return result.changes;
+}
+export function getDbStats(repo) {
+    const db = getDb();
+    const path = dbPath();
+    const runCountRow = repo
+        ? db.prepare('SELECT COUNT(*) AS count FROM runs WHERE repo = ?').get(repo)
+        : db.prepare('SELECT COUNT(*) AS count FROM runs').get();
+    const testResultCountRow = repo
+        ? db.prepare(`
+      SELECT COUNT(*) AS count
+      FROM test_results tr
+      JOIN runs r ON tr.run_id = r.id
+      WHERE r.repo = ?
+    `).get(repo)
+        : db.prepare('SELECT COUNT(*) AS count FROM test_results').get();
+    const flakyTestCountRow = repo
+        ? db.prepare(`
+      SELECT COUNT(*) AS count
+      FROM (
+        SELECT
+          tr.test_name
+        FROM test_results tr
+        JOIN runs r ON tr.run_id = r.id
+        WHERE r.repo = ?
+        GROUP BY tr.test_name
+        HAVING
+          SUM(CASE WHEN tr.status IN ('fail', 'error') THEN 1 ELSE 0 END) > 0
+          AND SUM(CASE WHEN tr.status = 'pass' THEN 1 ELSE 0 END) > 0
+      ) t
+    `).get(repo)
+        : db.prepare(`
+      SELECT COUNT(*) AS count
+      FROM (
+        SELECT
+          r.repo,
+          tr.test_name
+        FROM test_results tr
+        JOIN runs r ON tr.run_id = r.id
+        GROUP BY r.repo, tr.test_name
+        HAVING
+          SUM(CASE WHEN tr.status IN ('fail', 'error') THEN 1 ELSE 0 END) > 0
+          AND SUM(CASE WHEN tr.status = 'pass' THEN 1 ELSE 0 END) > 0
+      ) t
+    `).get();
+    return {
+        run_count: runCountRow?.count ?? 0,
+        test_result_count: testResultCountRow?.count ?? 0,
+        flaky_test_count: flakyTestCountRow?.count ?? 0,
+        db_path: path,
+        db_size_bytes: statSync(path).size,
+    };
+}
+/** Mark a run as resolved. Deduplicates on (repo, run_id). */
+export function markResolved(repo, runId, fixAction, description, resolvedCommit) {
+    const db = getDb();
+    const existing = db.prepare('SELECT id FROM remediations WHERE repo = ? AND run_id = ?').get(repo, String(runId));
+    if (existing)
+        return;
+    db.prepare('INSERT INTO remediations (repo, run_id, fix_action, description, resolved_at, resolved_commit) VALUES (?, ?, ?, ?, ?, ?)').run(repo, String(runId), fixAction, description, new Date().toISOString(), resolvedCommit ?? null);
+}
+/** Mark a subsequent clean run as verifying the fix. */
+export function markVerified(repo, runId, cleanRunId) {
+    const db = getDb();
+    db.prepare('UPDATE remediations SET verified_clean_run_id = ? WHERE repo = ? AND run_id = ?')
+        .run(String(cleanRunId), repo, String(runId));
+}
+/** Get remediation history for a repo, newest first. */
+export function getRemediations(repo) {
+    const db = getDb();
+    const rows = db.prepare(`
+    SELECT id, repo, run_id, fix_action, description, resolved_at, resolved_commit, verified_clean_run_id
+    FROM remediations
+    WHERE repo = ?
+    ORDER BY id DESC
+  `).all(repo);
+    return rows.map((r) => ({
+        ...r,
+        resolved_commit: r.resolved_commit ?? undefined,
+        verified_clean_run_id: r.verified_clean_run_id ?? undefined,
+        is_verified: !!r.verified_clean_run_id,
+    }));
+}
 /** Close the DB (useful in tests). */
 export function closeDb() {
     if (_db) {