Skip to content

Implement AI Scanner Timeout & Fallback Strategy #147

Description

@GauravKarakoti
  • Description: The PR scanning workflow relies entirely on Groq's Llama 3.1 model generating the security report. If the Groq API experiences downtime, rate-limiting, or a timeout on an exceptionally large PR diff, the GitHub Check Run could hang indefinitely in a "Pending" state, blocking developers from merging their code.
  • Proposed Solution:
    • Implement a strict timeout wrapper around the LLM invocation in ArmorIQScanner.
    • If the scan times out or the API fails, gracefully catch the error and update the GitHub Check Run status to Neutral or Skipped.
    • Log the failure comprehensively in the AuditLog with the error details in the metadata JSON field.
    • Post a fallback PR comment notifying the developer that the automated security scan could not be completed.

Metadata

Metadata

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions