Greptile Summary

This PR fixes a recurring drift pattern where _INVESTIGATED_EVIDENCE_KEYS in evidence_checker.py was not updated when new integrations (Alertmanager, Coralogix, Honeycomb) were added, causing is_clearly_healthy condition 4 to never fire for those stacks and forcing a full LLM RCA round-trip on every resolved low-severity alert from them. The fix adds the five missing keys (alertmanager_alerts, alertmanager_silences, coralogix_logs, coralogix_error_logs, honeycomb_traces) and backs them with parameterized tests plus a severity-gate safety check.

Confidence Score: 5/5

Safe to merge — the change is additive, well-tested, and the safety properties of the short-circuit are unchanged.

No P0/P1 issues found. The added keys are verified against what the post_process.py mappers actually write. Tests cover all five new keys plus the critical-severity rejection path. The only finding is a P2 observation about potentially similar gaps for Vercel/GitHub integrations, which is pre-existing and out of scope for this PR.

No files require special attention.

Important Files Changed

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Incoming resolved alert] --> B{Condition 1\nstate in healthy_states?}
    B -- No --> FULL[Full LLM RCA round-trip]
    B -- Yes --> C{Condition 2\nseverity in healthy_severities?}
    C -- No --> FULL
    C -- Yes --> D{Condition 3\nno error annotations?}
    D -- No --> FULL
    D -- Yes --> E{Condition 4\nany key in _INVESTIGATED_EVIDENCE_KEYS?}
    E -- No --> FULL
    E -- Yes --> SC[Short-circuit → healthy]

    subgraph "Keys added by this PR"
        K1[alertmanager_alerts]
        K2[alertmanager_silences]
        K3[coralogix_logs]
        K4[coralogix_error_logs]
        K5[honeycomb_traces]
    end

    K1 & K2 & K3 & K4 & K5 --> E

This is a comment left during a code review.
Path: app/nodes/root_cause_diagnosis/evidence_checker.py
Line: 16-44

Comment:
**Potential same-drift gap for Vercel and GitHub integrations**

`_map_vercel_deployment_status` writes `vercel_deployments`, `_map_vercel_deployment_logs` writes `vercel_deployment` / `vercel_events`, and the three GitHub mappers write `github_code_matches`, `github_file`, and `github_commits` — none of which appear in `_INVESTIGATED_EVIDENCE_KEYS`. If a pure-Vercel or pure-GitHub healthy investigation runs, condition 4 of `is_clearly_healthy` would still not fire, forcing the same full LLM round-trip this PR was designed to eliminate. Worth checking whether those integrations should be included here too.

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (2): Last reviewed commit: "fix: recognise alertmanager/coralogix/ho..." | Re-trigger Greptile}

@copilot resolve the merge conflicts in this pull request

Closing in favour of #777 which has been merged and covers this fix as part of a broader whitelist approach. The missing keys (alertmanager, coralogix, honeycomb) are now handled via CLAIM_EVIDENCE_KEYS.