wip

Signed-off-by: Joe Isaacs <[email protected]>

Author: joseph-isaacs

.github/workflows/fuzz.yml

@@ -155,44 +155,113 @@ jobs:
           echo "=== Fuzzer log preview (last 100 lines, where crashes are reported) ==="
           tail -100 logs/fuzz_output.log || echo "No log file"
 
-      - name: Setup Python
-        uses: actions/setup-python@v5
+      # Use Claude Code Action to analyze crash and decide if duplicate
+      - name: Analyze crash with Claude
+        uses: anthropics/claude-code-action@v1
         with:
-          python-version: '3.11'
-
-      - name: Install dependencies
-        run: pip install anthropic
-
-      #      - name: Check for duplicate issue
-      #        id: dedup
-      #        env:
-      #          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      #          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-      #        run: |
-      #          python scripts/check_fuzzer_duplicate.py \
-      #            "${{ needs.io_fuzz.outputs.first_crash_name }}" \
-      #            "logs/fuzz_output.log" \
-      #            "${{ github.repository }}" > dedup_result.json
-      #
-      #          # Check exit code (0 = not duplicate, 1 = duplicate)
-      #          if [ $? -eq 0 ]; then
-      #            echo "is_duplicate=false" >> $GITHUB_OUTPUT
-      #            echo "Not a duplicate, will create new issue"
-      #          else
-      #            echo "is_duplicate=true" >> $GITHUB_OUTPUT
-      #            ISSUE_NUM=$(jq -r '.issue_number' dedup_result.json)
-      #            echo "issue_number=$ISSUE_NUM" >> $GITHUB_OUTPUT
-      #            echo "Duplicate of issue #$ISSUE_NUM"
-      #          fi
-      #
-      #          # Show result
-      #          cat dedup_result.json
-
-      - name: Create GitHub issue
-        if: 0 && steps.dedup.outputs.is_duplicate == 'false'
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          prompt: |
+            # Fuzzer Crash Analysis Task
+
+            A fuzzing run for the `file_io` target has detected a crash. Your task is to analyze it and determine if it's a duplicate of an existing issue.
+
+            ## Step 1: Analyze the Crash
+
+            1. Read the fuzzer log: `logs/fuzz_output.log`
+            2. Extract the stack trace (lines starting with `#0`, `#1`, etc.)
+            3. Extract the error message (look for "panicked at" or "ERROR:")
+            4. Identify the crash location (top frame in the stack trace from user code, not std/core)
+            5. Read the source code at the crash location to understand what failed
+
+            ## Step 2: Check for Duplicates
+
+            1. List existing fuzzer issues:
+               ```bash
+               gh issue list --repo ${{ github.repository }} --label fuzzer --state open --json number,title,body --limit 50
+               ```
+
+            2. For each existing issue:
+               - Compare stack traces: Do they crash at the same location (same file + function)?
+               - Compare error messages: Are they the same error pattern?
+                 - IMPORTANT: Normalize values when comparing!
+                 - "index 5 out of bounds" and "index 12 out of bounds" are THE SAME bug
+                 - "len is 100" and "len is 5" are THE SAME bug
+               - If needed, read source code at the crash location to understand if it's the same assertion/panic
+
+            3. Make a decision:
+               - **DUPLICATE** if: Same crash location + same error pattern (values can differ)
+               - **NEW BUG** if: Different location OR different error type
+
+            ## Step 3: Output Decision
+
+            Create a file `decision.json` with this exact format:
+
+            ```json
+            {
+              "is_duplicate": true or false,
+              "duplicate_of": issue_number (if duplicate) or null,
+              "confidence": "high" | "medium" | "low",
+              "reasoning": "Explain your decision in 2-3 sentences",
+              "crash_location": "file.rs:function_name",
+              "error_message": "the extracted error message",
+              "stack_trace_preview": "top 5 frames",
+              "suggested_title": "Brief title for new issue (if not duplicate)"
+            }
+            ```
+
+            ## Important Notes
+
+            - You have full access to the repository - read any source files you need
+            - Be conservative: when unsure, mark as NEW BUG (false negatives are better than false positives)
+            - The goal is to prevent duplicate issues while being careful not to merge distinct bugs
+            - Focus on the ROOT CAUSE, not the specific values in error messages
+
+            ## Context
+
+            - Target: file_io
+            - Crash file: ${{ needs.io_fuzz.outputs.first_crash_name }}
+            - Total crashes: ${{ needs.io_fuzz.outputs.crash_count }}
+            - Workflow: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+            Start by reading the fuzzer log.
+          claude_args: |
+            --model claude-sonnet-4-5-20250929
+            --max-turns 20
+
+      - name: Read Claude's decision
+        id: decision
+        run: |
+          if [ ! -f decision.json ]; then
+            echo "Error: decision.json not found"
+            exit 1
+          fi
+
+          cat decision.json
+
+          IS_DUP=$(jq -r '.is_duplicate' decision.json)
+          DUPLICATE_OF=$(jq -r '.duplicate_of // empty' decision.json)
+
+          echo "is_duplicate=$IS_DUP" >> $GITHUB_OUTPUT
+          echo "duplicate_of=$DUPLICATE_OF" >> $GITHUB_OUTPUT
+
+          if [ "$IS_DUP" = "true" ]; then
+            echo "✓ Claude identified this as a duplicate of issue #$DUPLICATE_OF"
+          else
+            echo "✓ Claude identified this as a NEW bug"
+          fi
+
+      - name: Create GitHub issue for new bug
+        if: steps.decision.outputs.is_duplicate == 'false'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
+          # Extract data from Claude's analysis
+          TITLE=$(jq -r '.suggested_title' decision.json)
+          CRASH_LOCATION=$(jq -r '.crash_location' decision.json)
+          ERROR_MESSAGE=$(jq -r '.error_message' decision.json)
+          STACK_TRACE=$(jq -r '.stack_trace_preview' decision.json)
+          REASONING=$(jq -r '.reasoning' decision.json)
+
           # Extract crash type from filename
           CRASH_FILE="${{ needs.io_fuzz.outputs.first_crash_name }}"
           if [[ "$CRASH_FILE" == crash-* ]]; then
@@ -207,21 +276,37 @@ jobs:
             CRASH_TYPE="Unknown"
           fi
 
-          # Create issue with gh CLI
+          # Create issue with gh CLI, using Claude's analysis
           gh issue create \
             --repo ${{ github.repository }} \
-            --title "Fuzzing $CRASH_TYPE: file_io - $(date -u +%Y-%m-%d)" \
+            --title "Fuzzing $CRASH_TYPE: $TITLE" \
             --label "bug,fuzzer" \
-            --body-file - <<'EOF'
+            --body "$(cat <<EOF_BODY
           ## Fuzzing Crash Report
 
-          The `file_io` fuzzing target detected a $CRASH_TYPE during a scheduled fuzzing run.
+          The \`file_io\` fuzzing target detected a $CRASH_TYPE during a scheduled fuzzing run.
+
+          ### Claude's Analysis
+
+          **Crash Location**: \`$CRASH_LOCATION\`
+
+          **Error Message**:
+          \`\`\`
+          $ERROR_MESSAGE
+          \`\`\`
+
+          **Stack Trace Preview**:
+          \`\`\`
+          $STACK_TRACE
+          \`\`\`
+
+          **Analysis**: $REASONING
 
           ### Summary
 
           - **Crash Type**: $CRASH_TYPE
-          - **Target**: `file_io`
-          - **Crash File**: `${{ needs.io_fuzz.outputs.first_crash_name }}`
+          - **Target**: \`file_io\`
+          - **Crash File**: \`${{ needs.io_fuzz.outputs.first_crash_name }}\`
           - **Total Crashes Found**: ${{ needs.io_fuzz.outputs.crash_count }}
           - **Workflow Run**: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
           - **Timestamp**: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
@@ -234,38 +319,37 @@ jobs:
           **https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}**
 
           Artifacts available:
-          - `io-fuzzing-crash-artifacts` - All crash files found (includes ${{ needs.io_fuzz.outputs.crash_count }} crashes)
-          - `io-fuzzing-logs` - Complete fuzzer output with stack traces
+          - \`io-fuzzing-crash-artifacts\` - All crash files found (includes ${{ needs.io_fuzz.outputs.crash_count }} crashes)
+          - \`io-fuzzing-logs\` - Complete fuzzer output with stack traces
 
           ### Reproduction Steps
 
-          1. Download the `io-fuzzing-crash-artifacts` from the workflow run above
-          2. Extract the crash file to your local `fuzz/artifacts/file_io/` directory
+          1. Download the \`io-fuzzing-crash-artifacts\` from the workflow run above
+          2. Extract the crash file to your local \`fuzz/artifacts/file_io/\` directory
           3. Reproduce the crash locally:
 
-          ```bash
+          \`\`\`bash
           cargo +nightly fuzz run file_io fuzz/artifacts/file_io/${{ needs.io_fuzz.outputs.first_crash_name }}
-          ```
+          \`\`\`
 
           4. Get full backtrace:
 
-          ```bash
+          \`\`\`bash
           RUST_BACKTRACE=full cargo +nightly fuzz run file_io fuzz/artifacts/file_io/${{ needs.io_fuzz.outputs.first_crash_name }}
-          ```
+          \`\`\`
 
           5. Minimize the test case (optional):
 
-          ```bash
+          \`\`\`bash
           cargo +nightly fuzz tmin file_io fuzz/artifacts/file_io/${{ needs.io_fuzz.outputs.first_crash_name }}
-          ```
+          \`\`\`
 
           ### Investigation Checklist
 
           - [ ] Download crash artifacts from workflow run
           - [ ] Reproduce crash locally with full backtrace
           - [ ] Analyze stack trace and identify root cause
           - [ ] Determine severity (security vs stability)
-          - [ ] Check if this is a duplicate of an existing issue
           - [ ] Minimize test case if needed
           - [ ] Create fix PR with reference to this issue
           - [ ] Add regression test
@@ -286,28 +370,37 @@ jobs:
 
           ---
 
-          *Automatically created by fuzzing workflow*
+          *Automatically created by fuzzing workflow with Claude AI analysis*
           *Workflow file: [fuzz.yml](https://github.com/${{ github.repository }}/blob/${{ github.ref_name }}/.github/workflows/fuzz.yml)*
           *Run: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}*
-          EOF
+          EOF_BODY
+          )"
 
       - name: Comment on duplicate issue
-        if: steps.dedup.outputs.is_duplicate == 'true'
+        if: steps.decision.outputs.is_duplicate == 'true'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          ISSUE_NUM="${{ steps.dedup.outputs.issue_number }}"
+          ISSUE_NUM="${{ steps.decision.outputs.duplicate_of }}"
+          REASONING=$(jq -r '.reasoning' decision.json)
+          CONFIDENCE=$(jq -r '.confidence' decision.json)
 
           gh issue comment "$ISSUE_NUM" \
             --repo ${{ github.repository }} \
-            --body-file - <<'EOF'
+            --body "$(cat <<EOF_COMMENT
           ## Additional Crash Detected
 
-          Another crash was found in the `file_io` fuzzing target that appears to be a duplicate of this issue.
+          Another crash was found in the \`file_io\` fuzzing target that appears to be a duplicate of this issue.
+
+          ### Claude's Analysis
+
+          **Confidence**: $CONFIDENCE
+
+          **Reasoning**: $REASONING
 
           ### Details
 
-          - **Crash File**: `${{ needs.io_fuzz.outputs.first_crash_name }}`
+          - **Crash File**: \`${{ needs.io_fuzz.outputs.first_crash_name }}\`
           - **Total Crashes**: ${{ needs.io_fuzz.outputs.crash_count }} found in this run
           - **Workflow Run**: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
           - **Timestamp**: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
@@ -316,11 +409,12 @@ jobs:
 
           Download crash artifacts from: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
 
-          The fuzzing infrastructure detected this as a likely duplicate based on similar stack traces and error messages.
+          Claude analyzed the crash and determined it matches this issue based on crash location, error pattern, and code analysis.
 
           ---
           *Automatically added by fuzzing workflow*
-          EOF
+          EOF_COMMENT
+          )"
 
   ops_fuzz:
     name: "Array Operations Fuzz"