case studydeploymentquality engineering

Test Escape Pattern Miner: A Quarter in Practice

PG
Patrick Gilberg · Head of Security & Deployment
June 17, 2026

I run security and deployment, which means I am the person who has to be comfortable pointing a production system at a company's own bug history and code. So let me tell this the way I actually experienced it — one team, one quarter, one Monday-morning ritual that changed. Ajay frames why it matters and Mark explains how it works; my job is to show you what living with it looks like.

Before: the Monday that never converged

The team I'll describe ships a payments-adjacent platform. Roughly 30 engineers, four squads, a respectable escape rate — not a mess, a normal good org. Their quality ritual was a monthly "escape review": someone exported the last month of production incidents into a spreadsheet, the squad leads skimmed it, everyone nodded at the scary ones, and action items got filed against individual incidents.

The meeting ran 90 minutes. It produced tickets. It never produced a pattern, because the spreadsheet only held one month and the human memory in the room only held whatever each lead happened to remember. When I sat in on one, a staff engineer said — almost as an aside — "didn't we see something like this in the spring?" Nobody could confirm it. The thread died. That exact defect class escaped again eleven weeks later.

That is the failure mode: the knowledge to catch the pattern existed, scattered across two trackers, an incident tool, and eighteen months of git history that no human was going to read on a Monday.

After: the Mission runs before anyone's coffee

We deployed the Test Escape Pattern Miner inside their perimeter — reading their history where it lives, nothing leaving the network, which is the first thing my team checks. It runs on a schedule the Friday before each review. By the time the leads open the Decision Queue Monday, the forecast is waiting.

The first run is the one I remember. The Mission mined about 240 closed escapes across eighteen months, and its ranked brief led with a class the team had never named: unvalidated external callbacks — webhook, batch, and import handlers that trusted upstream payloads. Nine escapes over six quarters, four different authors, three services. No single retro had ever put those nine in the same sentence. The Forecast agent ranked it top by recurrence likelihood and flagged two services where the same shape was statistically overdue.

I watched the whole thing reason on the Explain rail — the routing to the Pattern agent, the cluster it built, the historical matches it cited. When it recommended filing a process change (a mandatory contract-test gate for external callbacks), it didn't just do it. It dropped a row in the Decision Queue. A lead approved it with one click. That approval boundary is exactly what makes me sign off: the analysis is autonomous and read-only, the action in their systems waits for a human.

One quarter, before and after BEFORE — manual monthly review export spreadsheet 90-min skim file per-incident tickets class escapes again wk 11 · pattern missed AFTER — scheduled Mission mines 240 escapes 18mo · read-only ranks classes by recurrence decision queue 1-click approve class closed at process level contract-test gate added once Quarter outcome 1 process gate closed · ~3 forecast classes actioned · review 90 min → 15 min · a repeat escape prevented

What it returned — in numbers I'm willing to defend

I am careful with ROI claims, so here is what I actually observed over the first quarter, framed as what this team saw rather than a universal guarantee.

  • The review itself went from 90 minutes to about 15. The leads stopped hunting for patterns by hand and started reviewing a forecast that already found them. That's roughly four squad-leads' time, monthly, recovered.
  • Three recurring classes surfaced that no prior retro had named, because no retro's scope ever spanned them. The callback class was the headline; the other two were a config-drift class and a timezone-handling class.
  • One process gate — the contract-test gate — closed the top class outright. The next quarter had zero escapes of that shape. Using the same proactive-versus-reactive asymmetry we see across our Missions (a low-thousands intervention against a low-hundreds-of-thousands outage), preventing even one repeat of a payments-callback escape pays for the program many times over.

The number I care about most isn't in a spreadsheet: the staff engineer who used to say "didn't we see this before?" now has a system that answers the question before he asks it.

Why deploying it was boring — the highest compliment I give

From my seat, the best deployments are the ones with nothing to worry about. The Mission runs inside the customer's own perimeter; the mining path is read-only, so there's no write access to bug trackers or code to threat-model. Tools are wired over MCP servers, so onboarding a new source is a registration, not an integration project — the same day, not the same quarter. And every conclusion streams its reasoning to the Explain rail, so an auditor asking "why did it recommend this gate?" gets a traced answer, not a shrug. The only action that touches the customer's systems passes through the Decision Queue with a human on it.

That combination — autonomous forecasting, read-only analysis, human-gated action, full trace — is exactly the posture I want in production. It's the same posture behind every AI Mission we ship, grounded in the customer's own enterprise knowledge. The escapes were always telling a story. This just makes sure someone reads it before it repeats.

Discussion

No comments yet — start the conversation.

Join the discussion

See StudioX run.

Put autonomous AI workers to work on your own systems and knowledge.