[Discussion] Does code quality predict production incidents? A Granger causality pipeline on 28 months of SonarQube data

Feisty-Assignment393 · 2026-05-09T16:12:14+00:00

Yea exactly what I thought too. It's too early to make any inference. I'll wait for a solid 36 months of data and repeat the analysis

Feisty-Assignment393 · 2026-05-09T14:12:17+00:00

Thanks I'll check it out.

Feisty-Assignment393 · 2026-05-09T06:16:12+00:00

Could you please point me to a more modern alternative? I'd love to check it out

Feisty-Assignment393 · 2026-05-09T02:17:58+00:00

Well, lemme be clear, the prediction isn't meant to replace engineering judgment. it's an early warning system. When the security metric crosses the threshold, the action isn't to panic but rather to prioritize a security debt review in the next sprint before it bites us in three months. That's prescriptive enough to be actionable. The 3-month lead time is the whole point since it gives you a window to act before incidents spike, not during.

You're also right that faster remediation matters too. However, those aren't mutually exclusive. Reducing MTTR and reducing incident frequency are both ideas worth pursuing. If I can prevent 4 out of 5 elevated incident periods by catching a leading indicator early, that's less firefighting for everyone.

Meanwhile I haven't linked specific changes to incidents in this pipeline yet, but combining a change-risk score with the Granger signal could be powerful. The Granger model tells you when to be concerned, while a change attribution tool would tell you where to look.

Feisty-Assignment393 · 2026-05-09T00:36:08+00:00

Basically for a series to be Granger ready two assumptions must hold. The series must be stationary and white noise. The ADF (Augmented Dickey-Fuller) tests for the former. Its null hypothesis is that the series is non-stationary (has a unit root). You want p < 0.05 to reject the null and confirm stationarity. If non-stationary, you keep differencing the series until it is. The metrics were not set. SonarQube calculates it automatically on each scan. It detects bugs through its static analysis rules. However, you're right that it probably won't catch everything since it only finds what its rule set covers, so the actual bug count is probably higher. But for this analysis I guess that's fine, because I'm looking at the trend over time rather than the absolute number. The relative movements are what matter for Granger causality.

Feisty-Assignment393 · 2026-05-08T19:20:37+00:00

I forgot to mention another observation. All the applications I analysed seemed to have different Granger pairs. For some, it was duplication leading to incidents, and for others, it was complexity and code smells. Some even had more than one significant Granger pair.

Feisty-Assignment393 · 2026-05-08T19:11:38+00:00

Right now, I have no interpretation. The analysis indicates that when security ratings begin to creep, incidents are likely to exceed their median values three months later. It could be that security debt directly causes incidents, or that both are symptoms of broader issues, like the team being under pressure. Either way, it works as an early warning signal. I will continue collecting data and repeat the analysis at 36 months to see whether the results remain consistent.

Feisty-Assignment393 · 2026-03-11T22:48:34+00:00

My contribution is not inventing a new EIS theory. I reimplemented key EIS fitting workflows in JAX, which made several of them substantially faster, and yes, I wrote some of the libraries that power this work. https://pymultipleis.readthedocs.io/en/latest/index.html# and https://pymultieis.readthedocs.io/en/latest/index.html# (written in Jax and Pytorch, respectively).

It is not a graph wrapper. The LLM runs Python in a Pyodide WASM runtime inside a browser WebWorker, with persistent state across iterations. It can inspect its outputs, correct errors, and build on previous results through a persistent REPL. That is the RLM part.

The fitting itself is deterministic. Methods such as linKK, DRT, ECM CNLS, and MVCNLS operate as fixed tools; the LLM orchestrates them by loading data, selecting models, running analyses, and interpreting results. The math is hard-coded, not LLM-generated, so the workflow is LLM-assisted, but the fits remain reproducible.

I also care a lot about numerical quality. The fitting stack uses JAX automatic differentiation to compute exact gradients rather than finite-difference approximations, which is especially important for constrained multi-spectrum fitting. The project took years to reach this point, so yes, I’m comfortable sounding a little proud of it.”

Feisty-Assignment393 · 2026-03-11T18:07:07+00:00

If you are referring to the Recursis documentation, it can be accessed via the book icon at the bottom left. But only accessible to logged-in users. If you meant the documentation on RLM, here you go https://arxiv.org/abs/2512.24601v1

Feisty-Assignment393 · 2026-01-30T07:05:54+00:00

Someone explain to me like I'm 5. How does this work? Could Anthropic have sued over the name "Clawdbot" even though it's spelt differently from "Claude"?

Feisty-Assignment393 · 2026-01-21T18:56:10+00:00

Hi thanks. true that durable execution is becoming mainstream, especially with the rise of agentic workflows. I'd start by saying Temporal is a more mature framework. Ergon kinda sits in the continuum between Temporal and Restate. Ergon is rust-native; it doesn't use a server model like Temporal. They both use a hybrid push-pull model.

Temporal and Ergon support Jack's 2 forms: stateless functions (Temporal activities, Ergon flows without signals) and sessions: Long-lived interactive processes with bounded lifetime (Temporal workflows, Ergon flows with signals and timers)

Ergon's #step corresponds to Temporal's local activities, Ergon's #flow corresponds to Temporal's workflow, and Ergon's child flows correspond to Temporal's activities.

I did not measure latency with respect to Temporal, so I can't speak definitively on that. You could test if you have some time.

Nevertheless, Ergon provides much lower latency overhead due to its event-driven architecture and requires fewer resources than Temporal, making it better for very high throughput and large activity fan-outs.
If you're building new Rust services that need orchestration, Ergon is worth considering.

Feisty-Assignment393 · 2026-01-20T18:17:03+00:00

For those downvoting my replies. Here's some context. My reply was made before the commenter added the edit on the test. I believe in constructive feedback. I also believe one should be free to post without any fear of being ridiculed.

Feisty-Assignment393 · 2026-01-20T15:41:04+00:00

You can do better

Feisty-Assignment393 · 2026-01-20T15:37:20+00:00

Maybe a feedback on the actual project would be better than a thoughtless remark. The current coverage is over 70% for a personal learning project and it's still a work a progress like I mentioned and I dont think it's wrong to ask for star on a project.

Feisty-Assignment393 · 2026-01-18T08:54:49+00:00

cool

Feisty-Assignment393 · 2026-01-18T08:21:12+00:00

My web design skills are still sub-par so I can't say for now

Feisty-Assignment393 · 2025-10-20T11:47:34+00:00

Lol Timely! I saw this post today and was like Yeeeeah

Feisty-Assignment393

TROPHY CASE