SOP-DEV-bug-triage-v1.0¶
1. Purpose¶
Define how defects and unexpected behavior are classified, prioritized, assigned, and tracked through to resolution. Ensures bugs don't slip through as "known issues" without an owner and a fix timeline.
Bug vs. Feature distinction: A bug is behavior that deviates from a stated Done Criterion or produces an incorrect output given a valid input. A missing capability that was never built is a feature request (SOP-DEV-feature-request-intake-v1.0). When in doubt, qa.testing classifies; CDO resolves disputes.
2. Bug Severity Classification¶
| Severity | Definition | Response target |
|---|---|---|
| SEV1 | System outage, data loss, credential exposure, customer-facing failure | Fix within 4 hours; CEO notified immediately |
| SEV2 | Workflow blocked, agent producing wrong outputs, integration failure | Fix within 24 hours; CDO notified at discovery |
| SEV3 | Incorrect output in non-critical path, cosmetic defect, minor workflow friction | Fix within next sprint (≤1 week); surfaced in weekly CDO check-in |
| SEV4 | Cosmetic, edge case, or known limitation not worth fixing now | Backlog; CDO closes with accepted-limitation note |
3. Bug Intake Sources¶
| Source | Who reports | How it arrives |
|---|---|---|
| QA report (Mission or standard) | qa.testing, qa.visuals, qa.dataquality, qa.applications | QA Report with defect description + reproduction steps |
| Agent self-report | Any agent noticing unexpected behavior | Status Report or session-dir drop to CDO/qa.testing |
| CEO observation | Rick | Slack message or inbox.md capture |
| Integration failure alert | Automated (Make.com, Supabase logs) | security.ops or code.platform surfaces it |
All bugs route to qa.testing for initial classification before CDO assignment.
4. Triage Procedure¶
Step 1 — Bug report filed¶
Reporter files a Bug Report at /Claude/operations/incidents/open/BUG-{YYYY-MMDD}-{slug}.md:
BUG REPORT
──────────────────────────────
Severity: SEV{N} (initial estimate)
Reporter: {agent_id}
Reported at: {YYYY-MM-DD HH:MM PST}
System / component: {where the bug occurs}
Description: {what happened vs. what was expected}
Reproduction steps: {numbered list to reproduce}
Evidence: {screenshot path, log snippet, or output sample}
Impact: {who or what is affected}
For SEV1/2: reporter also notifies CDO via #agent-handoffs immediately — don't wait for the file to surface in a sweep.
Step 2 — qa.testing classification (within 2 hours for SEV1/2; next sweep for SEV3/4)¶
qa.testing reviews the bug report and: 1. Confirms severity — adjusts if the initial estimate is off 2. Reproduces the bug if reproduction steps are provided (or requests them if not) 3. Checks for duplicates — is this already tracked? If yes, close as duplicate and link 4. Assigns to the correct agent — code.platform for code bugs, revenue.os for platform logic bugs, qa.applications for backend, qa.visuals for UI
Step 3 — Monday.com item creation¶
qa.testing (or assigned agent) creates the Monday.com item:
- Board: Tasks
- Name: [BUG] {SEV level} — {concise description}
- Owner: assigned fixing agent
- Priority: maps to severity (SEV1/2 = P1, SEV3 = P2, SEV4 = P3)
- Due date: per response target in Section 2
Step 4 — Fix and verification¶
Assigned agent implements the fix: 1. Fix applied 2. Reproduction steps re-run — confirm fix resolves the original report 3. Regression check — confirm no adjacent behavior broke 4. qa.testing runs a QA signoff per SOP-DEV-qa-signoff-v1.0 (Confidence MEDIUM minimum)
Step 5 — Bug closed¶
Bug is closed when:
1. QA Report filed with PASS and Confidence ≥ MEDIUM
2. Monday.com item closed with fix description
3. Bug Report file moved from /Claude/operations/incidents/open/ to /Claude/operations/incidents/closed/
4. If a SOP or agent contract contributed to the bug: SOP Delta filed per SOP-OPS-sop-change-management-v1.0
5. SEV1 Emergency Path¶
For SEV1 bugs (customer-facing failure, data loss, credential exposure):
- Reporter immediately flags in
#agent-handoffswith🔴 SEV1 BUG - CDO drops all current work and takes primary ownership
- Fix first, documentation after — minimize time-to-resolution; file the full Bug Report during or after the fix
- CEO notified per SOP-EXEC-escalation-incident-handling-v1.0 Section 4 SEV1 path
- Post-mortem filed within 24 hours of resolution at
/Claude/operations/reports/qa/bug-postmortem-{slug}-{YYYY-MM-DD}.md
6. Defect Pattern Reporting (CDO Friday Close)¶
Per CLAUDE.md Section 12 (CDO Friday Close), qa.testing surfaces recurring defect classes observed that week in the CDO's Friday Close "Defect Pattern Findings" section. code.platform responds with architectural fix proposals. CDO approves, defers, or escalates to the Architectural Debt Register.
A pattern is: the same class of defect appearing in ≥3 separate bug reports over any rolling 4-week period.
Change Log¶
| Version | Date | Change |
|---|---|---|
| v1.0 | 2026-04-21 | Initial draft — sop.manager. |
Owner: qa.testing Executive sponsor: cdo Drafted by: sop.manager Status: Draft — pending CDO review + approval Version: v1.0