feat: add excluded_components config to filter components from scan

[ItzikEzra-rh]

Summary

• Adds jira.excluded_components config option to skip specific Jira components during triage scan
• When configured, appends AND component NOT IN (...) to the scan JQL query
• OSAC config excludes the Enclave component — these bugs are out of scope for AI triage
• Backward compatible: empty/unset means no filtering (existing behavior)

Changes

• config/config.go — add ExcludedComponents []string to JiraConfig + env binding
• scanner/scanner.go — modify buildJQL() to use the new field
• deploy/osac/values.yaml — set excluded_components: ["Enclave"]

Test plan

• go build ./... passes
• go test ./config/ passes
• gofmt clean
• After deploy: verify scan JQL in logs includes component NOT IN ("Enclave")
• Verify Enclave bugs no longer get triage labels

🤖 Generated with Claude Code

Packages and Components Affected

Packages: config/, scanner/

Control Plane: This change affects the control plane's polling/scanning phase. It modifies the Jira query construction in the scanner to exclude specified components before bugs are fetched, preventing out-of-scope components from entering triage processing.

Configuration, Helm Charts, and Deployment:

• Configuration: Extended config.JiraConfig with ExcludedComponents []string field, bound to environment variable TRIAGE_BOT_JIRA_EXCLUDED_COMPONENTS
• Helm Charts: Added excluded_components configuration option under config.jira in chart/triage-bot/values.yaml
• Deployment: Configured OSAC deployment to exclude the Enclave component via deploy/osac/values.yaml

Implementation Summary

The PR introduces component filtering for Jira triage scans:

• JQL Query Enhancement: Modified Scanner.buildJQL() to conditionally append AND component NOT IN (...) clause when excluded components are configured
• Configuration: Added ExcludedComponents field to JiraConfig with mapstructure binding and environment variable support
• Test Coverage: Added TestBuildJQL with three test cases covering no exclusion, single component, and multiple component scenarios
• Backward Compatibility: The feature is backward compatible; when configuration is empty, no filtering is applied

The implementation allows operators to exclude components out of scope for AI triage at query time, reducing unnecessary processing and improving triage efficiency.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 802166ce-306d-4b12-8169-94e8bdd35c48

📥 Commits

Reviewing files that changed from the base of the PR and between 5b49c66 and 4ddaf47.

📒 Files selected for processing (5)

• chart/triage-bot/values.yaml
• config/config.go
• deploy/osac/values.yaml
• scanner/scanner.go
• scanner/scanner_test.go

---

Walkthrough

Adds an ExcludedComponents []string field to JiraConfig, binds it to an environment variable in LoadConfig, and conditionally appends a component NOT IN (...) clause in buildJQL(). Helm chart defaults are set to an empty array; the OSAC deployment excludes "Enclave". A new test file validates all three exclusion cases.

Changes

Jira Component Exclusion Filter

Layer / File(s)	Summary
JiraConfig schema and env binding config/config.go	JiraConfig gains ExcludedComponents []string mapped to excluded_components; LoadConfig binds jira.excluded_components to TRIAGE_BOT_JIRA_EXCLUDED_COMPONENTS.
buildJQL conditional component filter and tests scanner/scanner.go, scanner/scanner_test.go	buildJQL() incrementally builds the JQL string, appending component NOT IN (...) only when ExcludedComponents is non-empty. TestBuildJQL validates the exact output for zero, one, and multiple exclusions.
Helm chart defaults and OSAC deployment values chart/triage-bot/values.yaml, deploy/osac/values.yaml	Chart default sets excluded_components: []; OSAC deployment sets excluded_components: ["Enclave"].

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

scanner, helm/deploy, config

Poem

A component named Enclave said "not me!"
The JQL now bends with NOT IN decree 🚫
Config grows a new slice, env vars align,
Tests check every case — zero, one, nine.
The triage bot scans with surgical grace 🤖

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name	Status	Explanation	Resolution
Ai-Attribution	❌ Error	Commit 4ddaf47 uses Co-Authored-By for AI tool (Claude Opus), which violates the check. Only Assisted-by, Generated-by, or Made-with are acceptable for AI attribution.	Replace Co-Authored-By trailer with Assisted-by, Generated-by, or Made-with trailer on commit 4ddaf47.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding excluded_components config to filter Jira components from scans.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
No-Hardcoded-Secrets	✅ Passed	No hardcoded secrets detected. The PR adds component exclusion feature via ExcludedComponents field, values.yaml configs, and environment variable binding—all benign non-secret values without API k...
No-Weak-Crypto	✅ Passed	PR contains no weak cryptographic algorithms, custom crypto implementations, or non-constant-time secret comparisons. Changes are limited to JQL query string building for component filtering.
No-Injection-Vectors	✅ Passed	Code uses fmt.Sprintf("%q", ...) to safely escape and quote component names in JQL, preventing injection. Consistent with project key handling; values from configuration/env only.
Container-Privileges	✅ Passed	PR contains no container privilege escalation issues. Helm charts already enforce secure defaults: allowPrivilegeEscalation: false, runAsNonRoot: true, seccompProfile, dropped ALL capabilities. Cha...
No-Sensitive-Data-In-Logs	✅ Passed	No sensitive data logging found. The logged JQL query contains only public Jira project keys and component names, not credentials, API keys, PII, or internal data.
Resource-Leaks	✅ Passed	The PR introduces no resource leaks: buildJQL() is pure string manipulation, goroutines are properly managed with WaitGroup and context cancellation, HTTP responses are closed via defer in existing...
Unchecked-Errors	✅ Passed	PR contains no unchecked error assignments to blank identifiers or silent error swallowing. New config binding properly checks errors via closure pattern; buildJQL() has no error-returning calls.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[adalton]

The logic looks correct and the config plumbing is clean. Two things before merging:

1. Scanner tests needed — see inline comment.
2. Document the new field in chart/triage-bot/values.yaml — every other jira.* field has a default and comment in the chart's values file. Please add excluded_components: [] with a short comment (e.g., # -- Component names to exclude from the scan JQL) so the chart stays self-documenting.

[adalton]

Both items addressed — scanner tests cover all three branches and the chart default is documented. LGTM.