Skip to content

fix: use per-page fetch for multi-status bugs list queries #298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sachiniyer merged 3 commits into from
May 16, 2026
Merged

fix: use per-page fetch for multi-status bugs list queries #298

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5038b23
fix: use per-page fetch for multi-status queries instead of exhaustin…
devin-ai-integration[bot] May 16, 2026
1c8a94d
fix: distribute limit across statuses to preserve page-size contract
devin-ai-integration[bot] May 16, 2026
e97c5b2
fix: use over-fetch-and-truncate for multi-status page queries
devin-ai-integration[bot] May 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 56 additions & 6 deletions src/commands/bugs.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -403,6 +403,42 @@ async fn fetch_all_bugs_multi_status(
Ok(combined)
}

/// Fetch a single page of bugs across multiple `statuses`, concatenated in
/// order and then truncated to `limit` items.
///
/// Each status is queried with the full `limit` and a shared `offset`
/// derived from `page` so that every status gets a fair chance to
/// contribute results regardless of how many bugs it contains. The merged
/// list is then truncated to at most `limit` items, preserving the
/// page-size contract.
///
/// Unlike `fetch_all_bugs_multi_status` this does NOT exhaust every page —
/// it issues one bounded request per status and merges the results, keeping
/// multi-status queries fast even on repos with thousands of bugs.
async fn fetch_page_multi_status(
client: &ApiClient,
repo_id: &RepoId,
statuses: &[BugReviewState],
limit: u32,
page: u32,
scan_id: Option<&ListPublicBugsWorkflowRequestId>,
) -> Result<(Vec<Bug>, usize)> {
let offset = page_to_offset(page, limit);
let mut combined = Vec::new();
let mut total: usize = 0;
for status in dedupe_statuses(statuses) {
let response = client
.list_bugs(repo_id, status, limit, offset, scan_id)
.await
.context("Failed to fetch bugs from repository")?;
total += usize::try_from(response.total.max(0)).unwrap_or(0);
Copy link
Copy Markdown
Contributor Author

@devin-ai-integration devin-ai-integration Bot May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚩 Summed total across statuses may mislead pagination metadata even if page size is fixed

Beyond the items-per-page issue (reported as a bug), note that summing total from independent per-status API responses (src/commands/bugs.rs:427) produces a correct grand total only if the API returns the total count for the given status, not a global count. This is almost certainly the case (the API filters by status), but worth verifying against the API contract. If the API ever returned the unfiltered total, the summed total would be inflated by num_statuses×.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Copy link
Copy Markdown
Contributor Author

@devin-ai-integration devin-ai-integration Bot May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed — the API returns per-status totals (the status parameter is a required filter on list_public_bugs). The sum across statuses gives the correct grand total. Addressed the page-size issue in 1c8a94d by distributing the limit across statuses.

combined.extend(response.bugs);
}
let limit_usize = usize::try_from(limit).unwrap_or(usize::MAX);
combined.truncate(limit_usize);
Ok((combined, total))
}
Comment on lines +418 to +440
Copy link
Copy Markdown
Contributor Author

@devin-ai-integration devin-ai-integration Bot May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Multi-status paging returns up to limit × num_statuses items, breaking page size contract

fetch_page_multi_status issues one list_bugs(limit, offset) call per deduped status and concatenates the results. With 2 statuses and --limit 50, page 1 can return up to 100 bugs instead of 50. The total is also the sum of per-status totals, so total_pages (computed in output_list as ceil(total/limit)) is correct for the combined count, but the items-per-page exceeds limit.

This breaks the pagination contract: JSON consumers see more items than limit, the table view renders more rows than expected, and navigating pages produces inconsistent page sizes (e.g. page 1 may have 100 items, page 2 may have 50). Before this PR, status.len() > 1 was part of needs_full_fetch, which correctly routed multi-status through fetch_all_bugs_multi_status + paginate_items — that path fetched everything then applied a single client-side page slice of exactly limit items.

Concrete example

With 75 pending + 75 resolved bugs, --status pending,resolved --limit 50 --page 1:

  • Pending: offset=0 → 50 bugs; Resolved: offset=0 → 50 bugs → merged: 100 bugs shown
  • Page 2: 25+25 = 50 bugs
  • Page 3 (ceil(150/50)=3): 0+0 = 0 bugs (empty page)

The user asked for 50 items per page but gets 100 on page 1.

Prompt for agents 
The function fetch_page_multi_status in src/commands/bugs.rs:411-431 fetches one page (with the user-specified limit and offset) per status independently and merges the results. This means the merged result set can contain up to limit * num_statuses items, violating the user's --limit. The total is also the sum of per-status totals, so pagination metadata doesn't match actual page contents.

There are two approaches to fix this:

1. Simple approach: Remove the multi_status optimization entirely and keep multi-status queries going through the full-fetch path (fetch_all_bugs_multi_status + paginate_items) as they did before this PR. This means reverting the removal of status.len() > 1 from needs_full_fetch and removing the else-if multi_status branch in the handle function (src/commands/bugs.rs:526-538).

2. Correct the optimization: Keep fetch_page_multi_status but add client-side pagination after merging. Fetch all bugs for each status (using fetch_all_bugs_multi_status), then apply paginate_items to the merged result. However, this is equivalent to the full-fetch path and defeats the purpose of the optimization. Alternatively, you could try to distribute the limit across statuses, but that's complex and may not match user expectations for ordering.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Copy link
Copy Markdown
Contributor Author

@devin-ai-integration devin-ai-integration Bot May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in 1c8a94d — the limit is now distributed evenly across deduped statuses (with remainder going to the first statuses), so the merged result never exceeds limit items. Each status also gets its own proportional offset derived from its share of the limit.

Re: the API contract question — yes, list_public_bugs takes a status filter parameter, so response.total is the count for that specific status, not a global count. The sum is correct.


pub async fn handle(command: &BugCommands, cli: &crate::Cli) -> Result<()> {
let client = cli.create_client()?;

Expand Down Expand Up @@ -439,16 +475,17 @@ pub async fn handle(command: &BugCommands, cli: &crate::Cli) -> Result<()> {
let since_ms = resolve_time_flag("--since", since.as_deref(), now)?;
let until_ms = resolve_time_flag("--until", until.as_deref(), now)?;

// The bugs API takes a single status per request. When the user
// asks for several statuses (or `--all`, or any client-side
// filter), fan out and combine — that also forces the all-fetch
// path so client-side filters and pagination see the merged set.
// The bugs API takes a single status per request. When the
// user asks for client-side filters (`--all`, `--vulns`,
// `--introduced-by`, `--since`, `--until`) we must fetch every
// bug to apply them. Multi-status alone does NOT require a full
// fetch — we can issue one page-sized request per status.
let needs_full_fetch = *all
|| *vulns
|| !introduced_by.is_empty()
|| since_ms.is_some()
|| until_ms.is_some()
|| status.len() > 1;
|| until_ms.is_some();
let multi_status = status.len() > 1;

if needs_full_fetch {
let all_bugs = fetch_all_bugs_multi_status(
Expand Down Expand Up @@ -495,6 +532,19 @@ pub async fn handle(command: &BugCommands, cli: &crate::Cli) -> Result<()> {
}
let page_items = paginate_items(&filtered, *page, *limit);
output_list(&page_items, total, *page, *limit, format)
} else if multi_status {
// Multiple statuses but no client-side filters: fetch one
// page per status and merge, avoiding a full exhaust.
let (bugs, total) = fetch_page_multi_status(
&client,
&resolved_repo_id,
status,
*limit,
*page,
scan_id.as_ref(),
)
.await?;
output_list(&bugs, total, *page, *limit, format)
Comment on lines +535 to +547
Copy link
Copy Markdown
Contributor Author

@devin-ai-integration devin-ai-integration Bot May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 Info: The multi_status branch intentionally skips empty-result hint output

The single-status path (src/commands/bugs.rs:539-563) and the full-fetch path both have logic for printing empty-filter hints when no bugs are found (lines 499-514). The new multi_status branch (lines 526-538) does not print any hint — it directly calls output_list. This is consistent with the design: hints are only shown when client-side filters are active (vulns, introduced-by, time range), which by definition routes through the needs_full_fetch path. The single-status path also doesn't print hints. So this is not a bug, just worth noting for completeness.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Copy link
Copy Markdown
Contributor Author

@devin-ai-integration devin-ai-integration Bot May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct — this is intentional and consistent with the single-status path, which also doesn't print hints. Hints are only relevant when client-side filters are active (which routes through needs_full_fetch).

Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: The new multi-status fast path uses per-status paging but still reports pagination using single-list total/limit, which produces incorrect total_pages (and page numbering context) for merged results.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At src/commands/bugs.rs, line 538:

<comment>The new multi-status fast path uses per-status paging but still reports pagination using single-list `total/limit`, which produces incorrect `total_pages` (and page numbering context) for merged results.</comment>

<file context>
@@ -495,6 +523,19 @@ pub async fn handle(command: &BugCommands, cli: &crate::Cli) -> Result<()> {
+                    scan_id.as_ref(),
+                )
+                .await?;
+                output_list(&bugs, total, *page, *limit, format)
             } else {
                 // Single-status, no other filters: keep the original
</file context>

Copy link
Copy Markdown
Contributor Author

@devin-ai-integration devin-ai-integration Bot May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was addressed in 1c8a94d — the limit is now distributed evenly across deduped statuses (with remainder to the earliest), so the merged result never exceeds limit items. Each status gets its own proportional offset, so total (sum of per-status totals) and total_pages = ceil(total / limit) are consistent with the actual page contents.

} else {
// Single-status, no other filters: keep the original
// single-page server fetch — cheaper and lets the API drive
Expand Down
Loading