🔧 Initial commit: FixFlow — Autonomous Bug Resolution Agent

- 5-step pipeline: Issue parsing → Codebase mapping → Root cause analysis → Fix generation → PR description
- GLM 5.1 (Z.ai) via OpenAI-compatible API with streaming support
- PyGithub integration: fetch issues, repo trees, file contents
- Python difflib unified diff generation
- Streamlit dark UI with glassmorphism design
- Confidence self-evaluation (optional)
- Export: full Markdown report + .diff patch
- Demo output for FastAPI issue included

.env.example

@@ -0,0 +1,21 @@
+# FixFlow Environment Variables
+# Copy this file to .env and fill in your API keys
+
+# Z.ai / GLM API Key (get from https://open.bigmodel.cn/)
+GLM_API_KEY=your_glm_api_key_here
+
+# GitHub Personal Access Token (optional, for private repos & higher rate limits)
+# Generate at: https://github.com/settings/tokens
+GITHUB_TOKEN=your_github_token_here
+
+# GLM Model (options: glm-5-plus, glm-4-plus, glm-4)
+GLM_MODEL=glm-5-plus
+
+# GLM API Base URL
+GLM_BASE_URL=https://open.bigmodel.cn/api/paas/v4
+
+# Max files to analyze per repo
+MAX_FILES_TO_SCAN=100
+
+# Max file size in bytes to read (50KB default)
+MAX_FILE_SIZE_BYTES=51200

.gitignore

@@ -0,0 +1,38 @@
+# Python
+__pycache__/
+*.py[cod]
+*.pyo
+*.pyd
+.Python
+*.egg
+*.egg-info/
+dist/
+build/
+.eggs/
+
+# Virtual environments
+.venv/
+venv/
+env/
+ENV/
+
+# Environment variables
+.env
+
+# Streamlit
+.streamlit/
+
+# macOS
+.DS_Store
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# Logs
+*.log
+
+# Jupyter
+.ipynb_checkpoints/

README.md

@@ -0,0 +1,179 @@
+# 🔧 FixFlow — Autonomous Bug Resolution Agent
+
+<div align="center">
+
+[![Python](https://img.shields.io/badge/Python-3.11+-3776AB?style=flat-square&logo=python&logoColor=white)](https://python.org)
+[![Streamlit](https://img.shields.io/badge/Streamlit-1.30+-FF4B4B?style=flat-square&logo=streamlit&logoColor=white)](https://streamlit.io)
+[![GLM 5.1](https://img.shields.io/badge/Powered%20by-GLM%205.1%20by%20Z.ai-6c63ff?style=flat-square)](https://open.bigmodel.cn)
+[![License](https://img.shields.io/badge/License-MIT-10b981?style=flat-square)](LICENSE)
+
+**Give FixFlow a GitHub issue. Get back a root cause analysis + a PR-ready fix.**
+
+*Built with GLM 5.1 by Z.ai ⚡*
+
+</div>
+
+---
+
+## ✨ Features
+
+| Feature | Description |
+|---------|-------------|
+| 🐛 **Smart Issue Parsing** | Extracts error messages, reproduction steps, and technical clues from any GitHub issue |
+| 🗺️ **Codebase Mapping** | Identifies the top 5-10 most suspect files from the entire repo tree |
+| 🧠 **Chain-of-Thought Reasoning** | Traces execution flow step-by-step, citing file names, functions, and line numbers |
+| 🔬 **Root Cause Analysis** | Pinpoints the exact bug location with high-confidence reasoning |
+| 🔧 **Fix Generation** | Generates minimal, precise code changes as unified diffs |
+| 📝 **PR Description** | Writes a complete, reviewer-friendly pull request description |
+| 🎯 **Confidence Score** | Optional self-evaluation step where GLM rates its own certainty |
+| 📤 **Export** | Download the full analysis report as Markdown or the patch as `.diff` |
+
+---
+
+## 🚀 Quick Start
+
+### 1. Clone & Install
+
+```bash
+git clone https://github.com/your-username/fixflow.git
+cd fixflow
+
+# Create virtual environment
+python -m venv .venv
+source .venv/bin/activate  # Windows: .venv\Scripts\activate
+
+# Install dependencies
+pip install -r requirements.txt
+```
+
+### 2. Configure API Keys
+
+```bash
+cp .env.example .env
+```
+
+Edit `.env`:
+
+```env
+GLM_API_KEY=your_glm_api_key_here        # Get from https://open.bigmodel.cn/
+GITHUB_TOKEN=ghp_your_token_here          # Optional, but recommended
+GLM_MODEL=glm-5-plus
+```
+
+### 3. Run
+
+```bash
+streamlit run app.py
+```
+
+Open [http://localhost:8501](http://localhost:8501) 🎉
+
+---
+
+## 🔄 How It Works
+
+```
+GitHub Issue URL
+      │
+      ▼
+┌─────────────────┐
+│ 1. Parse Issue  │ ─── Extract: error, repro steps, affected components
+└────────┬────────┘
+         │
+         ▼
+┌─────────────────┐
+│ 2. Map Codebase │ ─── Scan repo tree → Rank top 5-10 suspect files
+└────────┬────────┘
+         │
+         ▼
+┌─────────────────┐
+│ 3. Analyze Code │ ─── Read files → Chain-of-thought root cause tracing
+└────────┬────────┘
+         │
+         ▼
+┌─────────────────┐
+│ 4. Generate Fix │ ─── Produce corrected file versions (minimal changes)
+└────────┬────────┘
+         │
+         ▼
+┌─────────────────┐
+│ 5. Write PR     │ ─── Unified diff + human-readable PR description
+└─────────────────┘
+         │
+         ▼
+  📄 Full Report + 📦 Patch File
+```
+
+---
+
+## 🧪 Example Output
+
+See [`demo/example_output.md`](demo/example_output.md) for a full sample analysis on a real FastAPI issue.
+
+Quick preview:
+
+```
+🔬 Root Cause:
+In fastapi/_compat.py ~line 215, _get_value() calls model_dump()
+without passing `include=include` in the Pydantic v2 branch.
+The fix: add include=include, exclude=exclude to model_dump().
+```
+
+---
+
+## 📁 Project Structure
+
+```
+fixflow/
+├── app.py                    # Streamlit frontend (dark UI, streaming output)
+├── backend/
+│   ├── __init__.py
+│   ├── config.py             # API keys, model config, constants
+│   ├── github_client.py      # Fetch issues, repo trees, file contents
+│   ├── code_indexer.py       # Parse repo structure, format for LLM
+│   ├── agent.py              # Core 5-step reasoning agent orchestrator
+│   ├── prompts.py            # All LLM prompt templates
+│   ├── diff_generator.py     # Generate unified diffs from proposed changes
+│   └── llm_client.py        # GLM 5.1 API wrapper (sync + streaming)
+├── requirements.txt
+├── .env.example
+├── README.md
+└── demo/
+    └── example_output.md     # Sample output for showcase
+```
+
+---
+
+## ⚙️ Configuration
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `GLM_API_KEY` | — | Your Z.ai API key (required) |
+| `GITHUB_TOKEN` | — | GitHub PAT (optional, recommended) |
+| `GLM_MODEL` | `glm-5-plus` | GLM model to use |
+| `GLM_BASE_URL` | `https://open.bigmodel.cn/api/paas/v4` | API endpoint |
+| `MAX_FILES_TO_SCAN` | `100` | Max files to include in repo scan |
+| `MAX_FILE_SIZE_BYTES` | `51200` | Max file size to read (50 KB) |
+
+---
+
+## 🛠️ Tech Stack
+
+- **Frontend:** Streamlit with custom dark CSS (glassmorphism design)
+- **Backend:** Python 3.11+, FastAPI-compatible architecture
+- **LLM:** GLM 5.1 via Z.ai API (OpenAI-compatible endpoint)
+- **GitHub:** PyGithub + GitHub REST API
+- **Diffs:** Python `difflib` (unified diff format)
+
+---
+
+## 📝 License
+
+MIT License — see [LICENSE](LICENSE) for details.
+
+---
+
+<div align="center">
+Built with ❤️ for the Z.ai GLM 5.1 Hackathon<br>
+<b>Powered by GLM 5.1 by Z.ai ⚡</b>
+</div>

app.py

@@ -0,0 +1,899 @@
+"""
+FixFlow — Streamlit Frontend
+Autonomous Bug Resolution Agent powered by GLM 5.1 (Z.ai)
+"""
+import time
+import logging
+import threading
+from typing import Optional
+
+import streamlit as st
+
+from backend.agent import AgentResult, FixFlowAgent, generate_full_report
+from backend.config import GLM_MODEL, GLM_BASE_URL
+from backend.github_client import GitHubClient
+from backend.llm_client import GLMClient
+
+# ── Logging Setup ─────────────────────────────────────────────────────────────
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s [%(levelname)s] %(name)s: %(message)s",
+)
+logger = logging.getLogger("fixflow.app")
+
+
+# ── Page Config ───────────────────────────────────────────────────────────────
+st.set_page_config(
+    page_title="FixFlow — Autonomous Bug Resolution Agent",
+    page_icon="🔧",
+    layout="wide",
+    initial_sidebar_state="expanded",
+)
+
+
+# ── Custom CSS ────────────────────────────────────────────────────────────────
+st.markdown("""
+<style>
+@import url('https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&family=JetBrains+Mono:wght@400;500&display=swap');
+
+/* ── Root & Base ─────────── */
+:root {
+    --bg-primary: #0a0b0f;
+    --bg-secondary: #12141a;
+    --bg-card: #1a1c24;
+    --bg-card-hover: #1e2028;
+    --accent-primary: #6c63ff;
+    --accent-secondary: #a78bfa;
+    --accent-green: #10b981;
+    --accent-red: #ef4444;
+    --accent-yellow: #f59e0b;
+    --accent-blue: #3b82f6;
+    --text-primary: #f0f0ff;
+    --text-secondary: #9ca3af;
+    --text-muted: #6b7280;
+    --border: #2a2c36;
+    --border-bright: #3a3c48;
+    --shadow-glow: 0 0 40px rgba(108, 99, 255, 0.15);
+    --radius: 12px;
+    --radius-sm: 8px;
+}
+
+/* Global font */
+html, body, [class*="css"] {
+    font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif;
+    color: var(--text-primary);
+}
+
+/* Dark background */
+.stApp {
+    background: var(--bg-primary);
+    background-image: radial-gradient(ellipse at 20% 10%, rgba(108, 99, 255, 0.08) 0%, transparent 60%),
+                      radial-gradient(ellipse at 80% 90%, rgba(167, 139, 250, 0.05) 0%, transparent 60%);
+}
+
+/* Sidebar */
+section[data-testid="stSidebar"] {
+    background: var(--bg-secondary) !important;
+    border-right: 1px solid var(--border) !important;
+}
+
+section[data-testid="stSidebar"] > div {
+    padding: 1.5rem 1.2rem;
+}
+
+/* ── Logo / Header ───────── */
+.fixflow-header {
+    text-align: center;
+    padding: 2rem 1rem 1rem;
+    margin-bottom: 1.5rem;
+}
+
+.fixflow-logo {
+    font-size: 3.5rem;
+    margin-bottom: 0.5rem;
+    display: block;
+    filter: drop-shadow(0 0 20px rgba(108, 99, 255, 0.5));
+}
+
+.fixflow-title {
+    font-size: 2.2rem;
+    font-weight: 800;
+    background: linear-gradient(135deg, #6c63ff 0%, #a78bfa 50%, #60a5fa 100%);
+    -webkit-background-clip: text;
+    -webkit-text-fill-color: transparent;
+    background-clip: text;
+    letter-spacing: -0.02em;
+    line-height: 1.2;
+    margin-bottom: 0.4rem;
+}
+
+.fixflow-subtitle {
+    color: var(--text-secondary);
+    font-size: 1rem;
+    font-weight: 400;
+    margin-bottom: 1rem;
+}
+
+.powered-badge {
+    display: inline-flex;
+    align-items: center;
+    gap: 0.4rem;
+    background: linear-gradient(135deg, rgba(108, 99, 255, 0.15), rgba(167, 139, 250, 0.1));
+    border: 1px solid rgba(108, 99, 255, 0.3);
+    border-radius: 100px;
+    padding: 0.3rem 0.9rem;
+    font-size: 0.78rem;
+    font-weight: 600;
+    color: var(--accent-secondary);
+    letter-spacing: 0.04em;
+    text-transform: uppercase;
+}
+
+/* ── Cards ───────────────── */
+.pipeline-card {
+    background: var(--bg-card);
+    border: 1px solid var(--border);
+    border-radius: var(--radius);
+    padding: 1.5rem;
+    margin-bottom: 1rem;
+    transition: border-color 0.3s ease, box-shadow 0.3s ease;
+    position: relative;
+    overflow: hidden;
+}
+
+.pipeline-card::before {
+    content: '';
+    position: absolute;
+    top: 0; left: 0; right: 0;
+    height: 2px;
+    background: linear-gradient(90deg, var(--accent-primary), var(--accent-secondary));
+    opacity: 0;
+    transition: opacity 0.3s ease;
+}
+
+.pipeline-card:hover::before { opacity: 1; }
+.pipeline-card:hover {
+    border-color: var(--border-bright);
+    box-shadow: var(--shadow-glow);
+}
+
+/* ── Step Status Indicators ─ */
+.step-indicator {
+    display: flex;
+    align-items: center;
+    gap: 0.75rem;
+    padding: 0.8rem 1rem;
+    border-radius: var(--radius-sm);
+    margin-bottom: 0.5rem;
+    font-size: 0.9rem;
+    font-weight: 500;
+    border: 1px solid transparent;
+    transition: all 0.3s ease;
+}
+
+.step-idle {
+    background: rgba(107, 114, 128, 0.08);
+    border-color: rgba(107, 114, 128, 0.15);
+    color: var(--text-muted);
+}
+
+.step-running {
+    background: rgba(59, 130, 246, 0.1);
+    border-color: rgba(59, 130, 246, 0.3);
+    color: #60a5fa;
+    animation: pulse-blue 2s infinite;
+}
+
+.step-complete {
+    background: rgba(16, 185, 129, 0.08);
+    border-color: rgba(16, 185, 129, 0.25);
+    color: var(--accent-green);
+}
+
+.step-error {
+    background: rgba(239, 68, 68, 0.08);
+    border-color: rgba(239, 68, 68, 0.25);
+    color: var(--accent-red);
+}
+
+@keyframes pulse-blue {
+    0%, 100% { opacity: 1; }
+    50% { opacity: 0.7; }
+}
+
+.step-icon { font-size: 1.1rem; }
+.step-time { margin-left: auto; font-size: 0.75rem; color: var(--text-muted); font-family: 'JetBrains Mono', monospace; }
+
+/* ── Input Fields ────────── */
+.stTextInput > div > div > input,
+.stTextArea > div > div > textarea {
+    background: var(--bg-card) !important;
+    border: 1px solid var(--border) !important;
+    border-radius: var(--radius-sm) !important;
+    color: var(--text-primary) !important;
+    font-family: 'Inter', sans-serif !important;
+    transition: border-color 0.2s !important;
+}
+
+.stTextInput > div > div > input:focus,
+.stTextArea > div > div > textarea:focus {
+    border-color: var(--accent-primary) !important;
+    box-shadow: 0 0 0 3px rgba(108, 99, 255, 0.12) !important;
+}
+
+/* ── Analyze Button ──────── */
+.stButton > button[kind="primary"] {
+    background: linear-gradient(135deg, #6c63ff, #a78bfa) !important;
+    border: none !important;
+    border-radius: 10px !important;
+    font-family: 'Inter', sans-serif !important;
+    font-weight: 700 !important;
+    font-size: 1rem !important;
+    padding: 0.7rem 2rem !important;
+    letter-spacing: 0.02em !important;
+    transition: all 0.3s ease !important;
+    box-shadow: 0 4px 24px rgba(108, 99, 255, 0.35) !important;
+    color: white !important;
+}
+
+.stButton > button[kind="primary"]:hover {
+    transform: translateY(-2px) !important;
+    box-shadow: 0 8px 32px rgba(108, 99, 255, 0.5) !important;
+}
+
+.stButton > button[kind="primary"]:active {
+    transform: translateY(0) !important;
+}
+
+/* Secondary buttons */
+.stButton > button[kind="secondary"] {
+    background: var(--bg-card) !important;
+    border: 1px solid var(--border-bright) !important;
+    border-radius: var(--radius-sm) !important;
+    color: var(--text-secondary) !important;
+    font-family: 'Inter', sans-serif !important;
+    font-weight: 500 !important;
+}
+
+/* ── Expander ────────────── */
+.streamlit-expanderHeader {
+    background: var(--bg-card) !important;
+    border: 1px solid var(--border) !important;
+    border-radius: var(--radius-sm) !important;
+    color: var(--text-primary) !important;
+    font-weight: 600 !important;
+    transition: border-color 0.2s !important;
+}
+
+.streamlit-expanderHeader:hover {
+    border-color: var(--accent-primary) !important;
+}
+
+.streamlit-expanderContent {
+    background: var(--bg-secondary) !important;
+    border: 1px solid var(--border) !important;
+    border-top: none !important;
+    border-radius: 0 0 var(--radius-sm) var(--radius-sm) !important;
+}
+
+/* Code blocks */
+.stCodeBlock pre, code {
+    font-family: 'JetBrains Mono', monospace !important;
+    font-size: 0.85rem !important;
+}
+
+/* ── Metrics ─────────────── */
+.stat-card {
+    background: var(--bg-card);
+    border: 1px solid var(--border);
+    border-radius: var(--radius-sm);
+    padding: 1rem;
+    text-align: center;
+}
+
+.stat-value {
+    font-size: 1.8rem;
+    font-weight: 800;
+    background: linear-gradient(135deg, #6c63ff, #a78bfa);
+    -webkit-background-clip: text;
+    -webkit-text-fill-color: transparent;
+    background-clip: text;
+    line-height: 1;
+}
+
+.stat-label {
+    font-size: 0.75rem;
+    color: var(--text-muted);
+    margin-top: 0.3rem;
+    text-transform: uppercase;
+    letter-spacing: 0.06em;
+}
+
+/* ── Dividers ────────────── */
+hr {
+    border: none !important;
+    border-top: 1px solid var(--border) !important;
+    margin: 1.5rem 0 !important;
+}
+
+/* ── Sidebar specific ────── */
+.sidebar-section-title {
+    font-size: 0.7rem;
+    font-weight: 700;
+    text-transform: uppercase;
+    letter-spacing: 0.1em;
+    color: var(--text-muted);
+    margin: 1.2rem 0 0.5rem;
+}
+
+.sidebar-logo {
+    font-size: 1.5rem;
+    font-weight: 800;
+    background: linear-gradient(135deg, #6c63ff, #a78bfa);
+    -webkit-background-clip: text;
+    -webkit-text-fill-color: transparent;
+    background-clip: text;
+    margin-bottom: 0.2rem;
+}
+
+/* ── Stream output box ───── */
+.stream-box {
+    background: var(--bg-secondary);
+    border: 1px solid var(--border);
+    border-radius: var(--radius-sm);
+    padding: 1rem;
+    font-family: 'JetBrains Mono', monospace;
+    font-size: 0.82rem;
+    line-height: 1.6;
+    color: #d1fae5;
+    max-height: 300px;
+    overflow-y: auto;
+    white-space: pre-wrap;
+    word-break: break-word;
+}
+
+/* ── Alerts ──────────────── */
+.stAlert {
+    border-radius: var(--radius-sm) !important;
+}
+
+/* Toggle/checkbox */
+.stCheckbox > label {
+    color: var(--text-secondary) !important;
+    font-size: 0.9rem !important;
+}
+
+/* Scrollbar */
+::-webkit-scrollbar { width: 6px; height: 6px; }
+::-webkit-scrollbar-track { background: var(--bg-secondary); }
+::-webkit-scrollbar-thumb { background: var(--border-bright); border-radius: 3px; }
+::-webkit-scrollbar-thumb:hover { background: var(--accent-primary); }
+
+/* Selectbox */
+.stSelectbox > div > div {
+    background: var(--bg-card) !important;
+    border-color: var(--border) !important;
+    color: var(--text-primary) !important;
+}
+</style>
+""", unsafe_allow_html=True)
+
+
+# ── Session State Init ────────────────────────────────────────────────────────
+def init_session():
+    defaults = {
+        "result": None,
+        "running": False,
+        "step_statuses": {},
+        "step_messages": {},
+        "stream_buffer": "",
+        "error": None,
+        "glm_api_key": "",
+        "github_token": "",
+        "model": GLM_MODEL,
+        "run_confidence": False,
+    }
+    for k, v in defaults.items():
+        if k not in st.session_state:
+            st.session_state[k] = v
+
+init_session()
+
+
+# ── Sidebar ───────────────────────────────────────────────────────────────────
+with st.sidebar:
+    st.markdown('<div class="sidebar-logo">🔧 FixFlow</div>', unsafe_allow_html=True)
+    st.markdown('<div style="color: #6b7280; font-size: 0.8rem; margin-bottom: 1.5rem;">Autonomous Bug Resolution Agent</div>', unsafe_allow_html=True)
+
+    st.markdown('<div class="sidebar-section-title">🔑 API Configuration</div>', unsafe_allow_html=True)
+
+    glm_key = st.text_input(
+        "GLM API Key (Z.ai)",
+        value=st.session_state.glm_api_key,
+        type="password",
+        placeholder="Enter your Z.ai GLM API key...",
+        help="Get your key at https://open.bigmodel.cn/",
+        key="glm_key_input",
+    )
+    if glm_key:
+        st.session_state.glm_api_key = glm_key
+
+    github_token = st.text_input(
+        "GitHub Token (optional)",
+        value=st.session_state.github_token,
+        type="password",
+        placeholder="ghp_... (for private repos / higher limits)",
+        help="Needed for private repos. Also increases rate limit from 60 to 5000 req/hr.",
+        key="github_token_input",
+    )
+    if github_token:
+        st.session_state.github_token = github_token
+
+    st.markdown('<div class="sidebar-section-title">⚙️ Model Settings</div>', unsafe_allow_html=True)
+
+    model_choice = st.selectbox(
+        "GLM Model",
+        options=["glm-5-plus", "glm-4-plus", "glm-4"],
+        index=0,
+        key="model_select",
+    )
+    st.session_state.model = model_choice
+
+    st.markdown('<div class="sidebar-section-title">🧪 Options</div>', unsafe_allow_html=True)
+
+    run_confidence = st.checkbox(
+        "Run confidence self-evaluation",
+        value=st.session_state.run_confidence,
+        help="Ask GLM to rate confidence in its own analysis (adds ~10-15s)",
+        key="confidence_check",
+    )
+    st.session_state.run_confidence = run_confidence
+
+    # Rate limit info
+    if st.session_state.github_token:
+        st.markdown('<div class="sidebar-section-title">📊 GitHub Status</div>', unsafe_allow_html=True)
+        try:
+            gh_temp = GitHubClient(token=st.session_state.github_token)
+            rl = gh_temp.get_rate_limit_info()
+            if rl:
+                remaining = rl.get("core_remaining", "?")
+                limit = rl.get("core_limit", "?")
+                pct = int(remaining / limit * 100) if isinstance(remaining, int) and isinstance(limit, int) else 0
+                color = "#10b981" if pct > 50 else "#f59e0b" if pct > 20 else "#ef4444"
+                st.markdown(
+                    f'<div style="font-size:0.8rem; color: {color};">API: {remaining}/{limit} requests remaining</div>',
+                    unsafe_allow_html=True
+                )
+        except Exception:
+            pass
+
+    st.markdown("---")
+    st.markdown(
+        '<div style="font-size: 0.72rem; color: #4b5563; line-height: 1.6;">'
+        '🔒 Your API keys are never stored or transmitted beyond direct API calls.<br><br>'
+        '⚡ Powered by <b style="color: #a78bfa;">GLM 5.1 by Z.ai</b>'
+        '</div>',
+        unsafe_allow_html=True
+    )
+
+
+# ── Main Content ──────────────────────────────────────────────────────────────
+
+# Header
+st.markdown("""
+<div class="fixflow-header">
+    <span class="fixflow-logo">🔧</span>
+    <div class="fixflow-title">FixFlow</div>
+    <div class="fixflow-subtitle">Autonomous Bug Resolution Agent</div>
+    <span class="powered-badge">⚡ GLM 5.1 by Z.ai</span>
+</div>
+""", unsafe_allow_html=True)
+
+
+# ── Input Section ─────────────────────────────────────────────────────────────
+st.markdown('<div class="pipeline-card">', unsafe_allow_html=True)
+st.markdown("### 🎯 Analyze a GitHub Issue")
+st.markdown('<div style="color: #9ca3af; font-size: 0.9rem; margin-bottom: 1rem;">Paste a GitHub issue URL and the repository to analyze. FixFlow will autonomously trace the root cause and generate a fix.</div>', unsafe_allow_html=True)
+
+col1, col2 = st.columns(2)
+with col1:
+    issue_url = st.text_input(
+        "GitHub Issue URL",
+        placeholder="https://github.com/owner/repo/issues/123",
+        help="Full URL to the GitHub issue you want to fix",
+        key="issue_url_input",
+    )
+with col2:
+    repo_url = st.text_input(
+        "Repository URL",
+        placeholder="https://github.com/owner/repo",
+        help="The repository containing the buggy code",
+        key="repo_url_input",
+    )
+
+# Auto-fill repo from issue URL
+if issue_url and not repo_url:
+    # Try to extract repo from issue URL
+    import re
+    m = re.match(r"(https://github\.com/[^/]+/[^/]+)/issues/\d+", issue_url.strip())
+    if m:
+        st.session_state["repo_url_input"] = m.group(1)
+        repo_url = m.group(1)
+
+# Example buttons
+st.markdown('<div style="margin-top: 0.5rem; color: #6b7280; font-size: 0.8rem;">💡 Try with an example:</div>', unsafe_allow_html=True)
+ex_col1, ex_col2, ex_col3 = st.columns(3)
+with ex_col1:
+    if st.button("FastAPI #1234 example", key="ex1", help="Example issue"):
+        st.info("Set issue URL to a real FastAPI issue, e.g.: https://github.com/tiangolo/fastapi/issues/10876")
+with ex_col2:
+    if st.button("Requests #6710 example", key="ex2", help="Example issue"):
+        st.info("Set issue URL to: https://github.com/psf/requests/issues/6710")
+with ex_col3:
+    if st.button("Flask #5742 example", key="ex3", help="Example issue"):
+        st.info("Set issue URL to: https://github.com/pallets/flask/issues/5742")
+
+st.markdown('</div>', unsafe_allow_html=True)
+
+# ── Analyze Button ────────────────────────────────────────────────────────────
+st.markdown("<br>", unsafe_allow_html=True)
+btn_col, info_col = st.columns([1, 3])
+
+with btn_col:
+    analyze_clicked = st.button(
+        "🚀 Analyze & Fix",
+        key="analyze_btn",
+        type="primary",
+        disabled=st.session_state.running,
+        use_container_width=True,
+    )
+
+with info_col:
+    if st.session_state.running:
+        st.markdown(
+            '<div style="padding: 0.6rem; color: #60a5fa; font-size: 0.9rem; display: flex; align-items: center; gap: 0.5rem;">'
+            '⏳ Analysis in progress... This may take 1-3 minutes depending on repo size.'
+            '</div>',
+            unsafe_allow_html=True
+        )
+    elif st.session_state.result:
+        total_time = sum(st.session_state.result.step_timings.values())
+        st.markdown(
+            f'<div style="padding: 0.6rem; color: #10b981; font-size: 0.9rem;">'
+            f'✅ Last analysis completed in {total_time:.1f}s</div>',
+            unsafe_allow_html=True
+        )
+
+
+# ── Pipeline Execution ────────────────────────────────────────────────────────
+STEP_LABELS = {
+    "0_fetch":      ("📡", "Fetching GitHub Data"),
+    "1_issue":      ("📋", "Analyzing Bug Report"),
+    "2_mapping":    ("🗺️", "Mapping Codebase"),
+    "3_analysis":   ("🔬", "Root Cause Analysis"),
+    "4_fix":        ("🔧", "Generating Fix"),
+    "5_diff":       ("📝", "Creating PR Description"),
+    "6_confidence": ("🎯", "Confidence Evaluation"),
+}
+
+
+def run_agent():
+    """Execute the FixFlow agent pipeline (runs in main thread for Streamlit)."""
+    st.session_state.running = True
+    st.session_state.result = None
+    st.session_state.error = None
+    st.session_state.step_statuses = {}
+    st.session_state.step_messages = {}
+    st.session_state.stream_buffer = ""
+
+    def on_status(step: str, status: str, message: str):
+        st.session_state.step_statuses[step] = status
+        st.session_state.step_messages[step] = message
+
+    def on_stream(chunk: str):
+        st.session_state.stream_buffer += chunk
+
+    try:
+        llm = GLMClient(
+            api_key=st.session_state.glm_api_key,
+            base_url=GLM_BASE_URL,
+            model=st.session_state.model,
+        )
+        gh = GitHubClient(token=st.session_state.github_token or None)
+        agent = FixFlowAgent(llm_client=llm, github_client=gh)
+
+        result = agent.run(
+            issue_url=issue_url.strip(),
+            repo_url=repo_url.strip(),
+            on_status=on_status,
+            stream_callback=on_stream,
+            run_confidence_eval=st.session_state.run_confidence,
+        )
+        st.session_state.result = result
+
+    except Exception as e:
+        st.session_state.error = str(e)
+        logger.exception("Agent pipeline error")
+    finally:
+        st.session_state.running = False
+
+
+# Trigger on button click
+if analyze_clicked:
+    if not st.session_state.glm_api_key:
+        st.error("⚠️ Please enter your GLM API key in the sidebar.")
+    elif not issue_url:
+        st.error("⚠️ Please enter a GitHub Issue URL.")
+    elif not repo_url:
+        st.error("⚠️ Please enter the Repository URL.")
+    else:
+        run_agent()
+        st.rerun()
+
+
+# ── Error Display ─────────────────────────────────────────────────────────────
+if st.session_state.error:
+    st.error(f"❌ **Error:** {st.session_state.error}")
+    with st.expander("🐛 Debug Information"):
+        st.code(st.session_state.error)
+
+
+# ── Pipeline Progress ─────────────────────────────────────────────────────────
+if st.session_state.step_statuses or st.session_state.result:
+    st.markdown("---")
+    st.markdown("### ⚡ Pipeline Progress")
+
+    statuses = st.session_state.step_statuses
+    result: Optional[AgentResult] = st.session_state.result
+    timings = result.step_timings if result else {}
+
+    status_icons = {
+        "running": "⏳",
+        "complete": "✅",
+        "error": "❌",
+        "info": "ℹ️",
+    }
+
+    progress_cols = st.columns(min(len(STEP_LABELS), 4))
+    step_items = list(STEP_LABELS.items())
+
+    for i, (step_id, (icon, label)) in enumerate(step_items):
+        status = statuses.get(step_id, "idle")
+        timing = timings.get(step_id)
+
+        css_class = f"step-{status}" if status != "idle" else "step-idle"
+        status_icon = status_icons.get(status, "⬜")
+        time_str = f"{timing:.1f}s" if timing else ""
+
+        st.markdown(
+            f'<div class="step-indicator {css_class}">'
+            f'<span class="step-icon">{status_icon}</span>'
+            f'<span>{icon} {label}</span>'
+            f'<span class="step-time">{time_str}</span>'
+            f'</div>',
+            unsafe_allow_html=True,
+        )
+
+
+# ── Results ───────────────────────────────────────────────────────────────────
+if st.session_state.result:
+    result: AgentResult = st.session_state.result
+    st.markdown("---")
+
+    # ── Summary Stats ─────────────────────────────────────────────────────────
+    total_time = sum(result.step_timings.values())
+    stats = result.diff_stats
+
+    st.markdown("### 📊 Analysis Summary")
+    m1, m2, m3, m4 = st.columns(4)
+
+    with m1:
+        st.markdown(
+            f'<div class="stat-card">'
+            f'<div class="stat-value">{len(result.suspect_file_paths)}</div>'
+            f'<div class="stat-label">Files Analyzed</div>'
+            f'</div>',
+            unsafe_allow_html=True
+        )
+    with m2:
+        st.markdown(
+            f'<div class="stat-card">'
+            f'<div class="stat-value">{stats.get("files_changed", 0)}</div>'
+            f'<div class="stat-label">Files Changed</div>'
+            f'</div>',
+            unsafe_allow_html=True
+        )
+    with m3:
+        st.markdown(
+            f'<div class="stat-card">'
+            f'<div class="stat-value">+{stats.get("lines_added", 0)}</div>'
+            f'<div class="stat-label">Lines Added</div>'
+            f'</div>',
+            unsafe_allow_html=True
+        )
+    with m4:
+        st.markdown(
+            f'<div class="stat-card">'
+            f'<div class="stat-value">{total_time:.0f}s</div>'
+            f'<div class="stat-label">Total Time</div>'
+            f'</div>',
+            unsafe_allow_html=True
+        )
+
+    st.markdown("<br>", unsafe_allow_html=True)
+
+    # ── Step 1: Bug Summary ───────────────────────────────────────────────────
+    with st.expander("📋 Step 1: Bug Summary", expanded=True):
+        st.markdown(
+            f'<div style="color: #9ca3af; font-size: 0.82rem; margin-bottom: 1rem;">'
+            f'⏱️ Completed in {result.step_timings.get("1_issue", 0):.1f}s'
+            f'</div>',
+            unsafe_allow_html=True
+        )
+        st.markdown(result.bug_summary)
+
+    # ── Step 2: Relevant Files ────────────────────────────────────────────────
+    with st.expander("🔍 Step 2: Relevant Files & Codebase Mapping", expanded=False):
+        st.markdown(
+            f'<div style="color: #9ca3af; font-size: 0.82rem; margin-bottom: 0.5rem;">'
+            f'⏱️ Completed in {result.step_timings.get("2_mapping", 0):.1f}s | '
+            f'Selected {len(result.suspect_file_paths)} files for deep analysis'
+            f'</div>',
+            unsafe_allow_html=True
+        )
+
+        if result.suspect_file_paths:
+            st.markdown("**🎯 Files Selected for Analysis:**")
+            for i, fp in enumerate(result.suspect_file_paths, 1):
+                st.markdown(f"`{i}.` `{fp}`")
+
+        st.markdown("---")
+        st.markdown(result.relevant_files_analysis)
+
+    # ── Step 3: Root Cause Analysis ───────────────────────────────────────────
+    with st.expander("🔬 Step 3: Root Cause Analysis (Chain-of-Thought)", expanded=True):
+        st.markdown(
+            f'<div style="color: #9ca3af; font-size: 0.82rem; margin-bottom: 1rem;">'
+            f'⏱️ Completed in {result.step_timings.get("3_analysis", 0):.1f}s | '
+            f'This is the core reasoning chain — read carefully!'
+            f'</div>',
+            unsafe_allow_html=True
+        )
+        st.markdown(result.root_cause_analysis)
+
+    # ── Step 4: Proposed Fix (Diff) ───────────────────────────────────────────
+    with st.expander("🔧 Step 4: Proposed Fix", expanded=True):
+        st.markdown(
+            f'<div style="color: #9ca3af; font-size: 0.82rem; margin-bottom: 1rem;">'
+            f'⏱️ Completed in {result.step_timings.get("4_fix", 0):.1f}s | '
+            f'{stats.get("files_changed", 0)} file(s) modified, '
+            f'+{stats.get("lines_added", 0)} / -{stats.get("lines_removed", 0)} lines'
+            f'</div>',
+            unsafe_allow_html=True
+        )
+
+        if result.diffs:
+            # Syntax-highlighted diff
+            for filepath, diff_content in result.diffs.items():
+                st.markdown(f"**`{filepath}`**")
+                st.code(diff_content, language="diff")
+        else:
+            st.warning("⚠️ No diffs generated. The LLM may not have proposed direct file changes.")
+            if result.fix_generation_raw:
+                st.markdown("**Raw fix proposal from GLM:**")
+                st.markdown(result.fix_generation_raw)
+
+        # Copy button for full diff
+        if result.diff_formatted and result.diffs:
+            st.markdown("---")
+            copy_col, _ = st.columns([1, 3])
+            with copy_col:
+                st.download_button(
+                    "📋 Copy Full Diff",
+                    data=result.diff_formatted,
+                    file_name="fixflow.diff",
+                    mime="text/plain",
+                    use_container_width=True,
+                )
+
+    # ── Step 5: Fix Explanation ───────────────────────────────────────────────
+    with st.expander("📝 Step 5: PR Description & Fix Explanation", expanded=True):
+        st.markdown(
+            f'<div style="color: #9ca3af; font-size: 0.82rem; margin-bottom: 1rem;">'
+            f'⏱️ Completed in {result.step_timings.get("5_diff", 0):.1f}s'
+            f'</div>',
+            unsafe_allow_html=True
+        )
+        st.markdown(result.fix_explanation)
+
+    # ── Confidence Eval (optional) ────────────────────────────────────────────
+    if result.confidence_eval:
+        with st.expander("🎯 Confidence Self-Evaluation", expanded=False):
+            st.markdown(result.confidence_eval)
+
+    # ── Export Full Report ────────────────────────────────────────────────────
+    st.markdown("---")
+    st.markdown("### 📤 Export Report")
+    exp_col1, exp_col2, _ = st.columns([1, 1, 2])
+
+    full_report = generate_full_report(result)
+    issue_num = result.issue_data.get("number", "0")
+    repo_slug = repo_url.strip().rstrip("/").split("/")[-1] if repo_url else "repo"
+
+    with exp_col1:
+        st.download_button(
+            "📄 Download Full Report (.md)",
+            data=full_report,
+            file_name=f"fixflow_{repo_slug}_issue_{issue_num}.md",
+            mime="text/markdown",
+            use_container_width=True,
+        )
+
+    with exp_col2:
+        if result.diff_formatted and result.diffs:
+            st.download_button(
+                "📦 Download Patch (.diff)",
+                data=result.diff_formatted,
+                file_name=f"fixflow_{repo_slug}_issue_{issue_num}.diff",
+                mime="text/plain",
+                use_container_width=True,
+            )
+
+    st.markdown("---")
+    st.markdown(
+        '<div style="text-align: center; color: #4b5563; font-size: 0.8rem; padding: 1rem 0;">'
+        '🔧 <b style="color: #6c63ff;">FixFlow</b> — Autonomous Bug Resolution · Powered by '
+        '<b style="color: #a78bfa;">GLM 5.1 by Z.ai</b>'
+        '</div>',
+        unsafe_allow_html=True
+    )
+
+
+# ── Empty State ───────────────────────────────────────────────────────────────
+elif not st.session_state.running and not st.session_state.error:
+    st.markdown("<br>", unsafe_allow_html=True)
+
+    col1, col2, col3 = st.columns(3)
+
+    cards = [
+        ("🐛", "Bug Report Parsing", "Automatically extracts error messages, reproduction steps, affected components, and technical clues from any GitHub issue."),
+        ("🧠", "Chain-of-Thought Reasoning", "Traces the execution flow step-by-step, citing specific file names, functions, and line numbers to pinpoint the root cause."),
+        ("🔧", "PR-Ready Fixes", "Generates minimal, precise code fixes with unified diffs and a complete pull request description you can copy directly."),
+    ]
+
+    for col, (icon, title, desc) in zip([col1, col2, col3], cards):
+        with col:
+            st.markdown(
+                f'<div class="pipeline-card" style="text-align: center; padding: 2rem 1.5rem;">'
+                f'<div style="font-size: 2.5rem; margin-bottom: 0.75rem;">{icon}</div>'
+                f'<div style="font-weight: 700; font-size: 1rem; color: #f0f0ff; margin-bottom: 0.5rem;">{title}</div>'
+                f'<div style="font-size: 0.85rem; color: #6b7280; line-height: 1.6;">{desc}</div>'
+                f'</div>',
+                unsafe_allow_html=True,
+            )
+
+    st.markdown("<br>", unsafe_allow_html=True)
+
+    # How it works
+    st.markdown("### 🔄 How It Works")
+    steps_html = """
+    <div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 0.75rem; margin-top: 1rem;">
+    """
+    how_steps = [
+        ("1", "📡", "Fetch Issue", "Pulls the full GitHub issue: title, body, comments, labels"),
+        ("2", "🗺️", "Map Codebase", "Identifies top 5-10 suspect files from the repo tree"),
+        ("3", "🔬", "Analyze Code", "Deep code reading with chain-of-thought root cause tracing"),
+        ("4", "🔧", "Generate Fix", "Creates corrected file versions with minimal changes"),
+        ("5", "📝", "Write PR", "Produces unified diff + human-readable PR description"),
+    ]
+    for num, icon, title, desc in how_steps:
+        steps_html += f"""
+        <div style="background: #12141a; border: 1px solid #2a2c36; border-radius: 10px; padding: 1rem; position: relative;">
+            <div style="position: absolute; top: -10px; left: 12px; background: linear-gradient(135deg, #6c63ff, #a78bfa); border-radius: 50%; width: 22px; height: 22px; display: flex; align-items: center; justify-content: center; font-size: 0.7rem; font-weight: 800; color: white;">{num}</div>
+            <div style="font-size: 1.4rem; margin-bottom: 0.4rem; margin-top: 0.3rem;">{icon}</div>
+            <div style="font-weight: 700; font-size: 0.9rem; color: #f0f0ff; margin-bottom: 0.3rem;">{title}</div>
+            <div style="font-size: 0.78rem; color: #6b7280; line-height: 1.5;">{desc}</div>
+        </div>
+        """
+    steps_html += "</div>"
+    st.markdown(steps_html, unsafe_allow_html=True)

backend/__init__.py

@@ -0,0 +1 @@
+# FixFlow Backend Package

backend/agent.py

@@ -0,0 +1,495 @@
+"""
+FixFlow Core Agent — Multi-step autonomous bug resolution pipeline.
+
+Pipeline:
+  Step 1: Issue Understanding     → Structured bug summary
+  Step 2: Codebase Mapping        → Ranked list of suspect files
+  Step 3: Deep Code Analysis      → Root cause analysis + reasoning chain
+  Step 4: Fix Generation          → Corrected file contents
+  Step 5: Diff & Explanation      → PR-ready diff + human explanation
+"""
+import logging
+import time
+from dataclasses import dataclass, field
+from typing import Callable, Dict, Iterator, List, Optional
+
+from backend.config import MAX_FILES_TO_ANALYZE
+from backend.llm_client import GLMClient
+from backend.github_client import GitHubClient
+from backend.code_indexer import (
+    build_file_tree_string,
+    extract_file_paths_from_llm_response,
+    extract_keywords_from_issue,
+    format_file_contents_for_prompt,
+    rank_files_by_keyword_match,
+)
+from backend.diff_generator import (
+    format_diff_for_display,
+    generate_all_diffs,
+    get_diff_stats,
+    parse_fixed_files_from_llm_response,
+)
+from backend.prompts import (
+    SYSTEM_MESSAGE,
+    ISSUE_ANALYSIS_PROMPT,
+    FILE_RELEVANCE_PROMPT,
+    ROOT_CAUSE_PROMPT,
+    FIX_GENERATION_PROMPT,
+    FIX_EXPLANATION_PROMPT,
+    CONFIDENCE_EVAL_PROMPT,
+)
+
+logger = logging.getLogger(__name__)
+
+
+# ── Result Dataclass ──────────────────────────────────────────────────────────
+
+@dataclass
+class AgentResult:
+    """Holds all outputs from the FixFlow pipeline."""
+    # Inputs
+    issue_url: str = ""
+    repo_url: str = ""
+    issue_data: Dict = field(default_factory=dict)
+
+    # Step outputs
+    bug_summary: str = ""
+    relevant_files_analysis: str = ""
+    suspect_file_paths: List[str] = field(default_factory=list)
+    root_cause_analysis: str = ""
+    fix_generation_raw: str = ""
+    fixed_files: Dict[str, str] = field(default_factory=dict)
+    diffs: Dict[str, str] = field(default_factory=dict)
+    diff_formatted: str = ""
+    fix_explanation: str = ""
+    confidence_eval: str = ""
+
+    # Metadata
+    step_timings: Dict[str, float] = field(default_factory=dict)
+    step_errors: Dict[str, str] = field(default_factory=dict)
+    diff_stats: Dict = field(default_factory=dict)
+    file_tree: List[Dict] = field(default_factory=list)
+    original_file_contents: Dict[str, str] = field(default_factory=dict)
+
+
+# Status callback type
+StatusCallback = Optional[Callable[[str, str, str], None]]
+# Args: (step_name, status, message)
+# status: "running" | "complete" | "error" | "info"
+
+
+# ── FixFlow Agent ─────────────────────────────────────────────────────────────
+
+class FixFlowAgent:
+    """
+    Orchestrates the full bug-resolution pipeline.
+
+    Usage:
+        agent = FixFlowAgent(glm_client, github_client)
+        result = agent.run(issue_url, repo_url, on_status=callback)
+    """
+
+    def __init__(
+        self,
+        llm_client: GLMClient,
+        github_client: GitHubClient,
+    ):
+        self.llm = llm_client
+        self.gh = github_client
+
+    # ── Public entry point ────────────────────────────────────────────────────
+
+    def run(
+        self,
+        issue_url: str,
+        repo_url: str,
+        on_status: StatusCallback = None,
+        stream_callback: Optional[Callable[[str], None]] = None,
+        run_confidence_eval: bool = False,
+    ) -> AgentResult:
+        """
+        Execute the full FixFlow pipeline. Returns an AgentResult.
+        
+        Args:
+            issue_url: Full GitHub issue URL
+            repo_url: Full GitHub repo URL
+            on_status: Optional callback(step, status, message) for UI updates
+            stream_callback: Optional callback(chunk) for streaming LLM output
+            run_confidence_eval: Whether to run the optional confidence self-eval
+        """
+        result = AgentResult(issue_url=issue_url, repo_url=repo_url)
+        self._status = on_status or (lambda *a: None)
+
+        try:
+            # ── Step 0: Fetch GitHub data ─────────────────────────────────
+            self._emit("0_fetch", "running", "Fetching GitHub issue and repository data...")
+            t0 = time.time()
+
+            result.issue_data = self._fetch_issue(issue_url)
+            result.file_tree = self._fetch_repo_tree(repo_url)
+            result.step_timings["0_fetch"] = time.time() - t0
+            self._emit("0_fetch", "complete",
+                       f"Fetched issue #{result.issue_data['number']} + "
+                       f"{len(result.file_tree)} repo files in "
+                       f"{result.step_timings['0_fetch']:.1f}s")
+
+            # ── Step 1: Issue Understanding ───────────────────────────────
+            self._emit("1_issue", "running", "Analyzing bug report with GLM...")
+            t1 = time.time()
+
+            result.bug_summary = self._step1_issue_understanding(
+                result.issue_data, stream_callback
+            )
+            result.step_timings["1_issue"] = time.time() - t1
+            self._emit("1_issue", "complete",
+                       f"Bug analysis complete in {result.step_timings['1_issue']:.1f}s")
+
+            # ── Step 2: Codebase Mapping ──────────────────────────────────
+            self._emit("2_mapping", "running", "Scanning codebase to identify suspect files...")
+            t2 = time.time()
+
+            result.relevant_files_analysis, result.suspect_file_paths = \
+                self._step2_codebase_mapping(
+                    result.bug_summary,
+                    result.file_tree,
+                    result.issue_data,
+                    stream_callback,
+                    repo_url=repo_url,
+                )
+            result.step_timings["2_mapping"] = time.time() - t2
+            self._emit("2_mapping", "complete",
+                       f"Identified {len(result.suspect_file_paths)} suspect files in "
+                       f"{result.step_timings['2_mapping']:.1f}s")
+
+            # ── Step 3: Deep Code Analysis ────────────────────────────────
+            self._emit("3_analysis", "running",
+                       f"Reading {len(result.suspect_file_paths)} files + performing root cause analysis...")
+            t3 = time.time()
+
+            result.original_file_contents = self.gh.fetch_multiple_files(
+                repo_url, result.suspect_file_paths
+            )
+            result.root_cause_analysis = self._step3_deep_analysis(
+                result.bug_summary,
+                result.original_file_contents,
+                stream_callback,
+            )
+            result.step_timings["3_analysis"] = time.time() - t3
+            self._emit("3_analysis", "complete",
+                       f"Root cause identified in {result.step_timings['3_analysis']:.1f}s")
+
+            # ── Step 4: Fix Generation ────────────────────────────────────
+            self._emit("4_fix", "running", "Generating corrected file contents...")
+            t4 = time.time()
+
+            result.fix_generation_raw = self._step4_fix_generation(
+                result.root_cause_analysis,
+                result.original_file_contents,
+                stream_callback,
+            )
+            result.fixed_files = parse_fixed_files_from_llm_response(
+                result.fix_generation_raw,
+                result.suspect_file_paths,
+            )
+            result.step_timings["4_fix"] = time.time() - t4
+            self._emit("4_fix", "complete",
+                       f"Generated fixes for {len(result.fixed_files)} file(s) in "
+                       f"{result.step_timings['4_fix']:.1f}s")
+
+            # ── Step 5: Diff & Explanation ────────────────────────────────
+            self._emit("5_diff", "running", "Generating diff and PR explanation...")
+            t5 = time.time()
+
+            result.diffs = generate_all_diffs(
+                result.original_file_contents, result.fixed_files
+            )
+            result.diff_formatted = format_diff_for_display(result.diffs)
+            result.diff_stats = get_diff_stats(result.diffs)
+
+            result.fix_explanation = self._step5_explanation(
+                result.bug_summary,
+                result.root_cause_analysis,
+                result.diff_formatted,
+                stream_callback,
+            )
+            result.step_timings["5_diff"] = time.time() - t5
+            self._emit("5_diff", "complete",
+                       f"PR explanation ready in {result.step_timings['5_diff']:.1f}s")
+
+            # ── Optional: Confidence Evaluation ───────────────────────────
+            if run_confidence_eval:
+                self._emit("6_confidence", "running", "Running self-evaluation...")
+                t6 = time.time()
+                combined = (
+                    f"# Bug Summary\n{result.bug_summary}\n\n"
+                    f"# Root Cause\n{result.root_cause_analysis}\n\n"
+                    f"# Fix Explanation\n{result.fix_explanation}"
+                )
+                result.confidence_eval = self._run_confidence_eval(combined)
+                result.step_timings["6_confidence"] = time.time() - t6
+                self._emit("6_confidence", "complete",
+                           f"Confidence eval done in {result.step_timings['6_confidence']:.1f}s")
+
+        except Exception as e:
+            logger.exception("FixFlow pipeline failed")
+            step = self._current_step or "unknown"
+            result.step_errors[step] = str(e)
+            self._emit(step, "error", f"❌ Pipeline failed: {e}")
+            raise
+
+        return result
+
+    # ── Pipeline Steps ────────────────────────────────────────────────────────
+
+    def _step1_issue_understanding(
+        self,
+        issue_data: Dict,
+        stream_cb: Optional[Callable] = None,
+    ) -> str:
+        self._current_step = "1_issue"
+
+        comments_text = ""
+        for c in issue_data.get("comments", [])[:5]:
+            comments_text += f"**@{c['author']}:** {c['body'][:500]}\n\n"
+        if not comments_text:
+            comments_text = "No comments."
+
+        prompt = ISSUE_ANALYSIS_PROMPT.format(
+            title=issue_data.get("title", ""),
+            body=issue_data.get("body", ""),
+            labels=", ".join(issue_data.get("labels", [])) or "none",
+            comments=comments_text,
+        )
+
+        messages = [
+            {"role": "system", "content": SYSTEM_MESSAGE},
+            {"role": "user", "content": prompt},
+        ]
+        return self._llm_call(messages, stream_cb, temperature=0.2)
+
+    def _step2_codebase_mapping(
+        self,
+        bug_summary: str,
+        file_tree: List[Dict],
+        issue_data: Dict,
+        stream_cb: Optional[Callable] = None,
+        repo_url: str = "",
+    ):
+        self._current_step = "2_mapping"
+
+        # Pre-filter files by keyword match for large repos
+        keywords = extract_keywords_from_issue(issue_data)
+        ranked_files = rank_files_by_keyword_match(file_tree, keywords)
+
+        tree_string = build_file_tree_string(ranked_files, max_lines=200)
+        repo_name = repo_url.rstrip("/").split("/")[-2:]
+        repo_display = "/".join(repo_name) if len(repo_name) == 2 else repo_url
+
+        prompt = FILE_RELEVANCE_PROMPT.format(
+            bug_summary=bug_summary,
+            file_tree=tree_string,
+            repo_name=repo_display,
+        )
+
+        messages = [
+            {"role": "system", "content": SYSTEM_MESSAGE},
+            {"role": "user", "content": prompt},
+        ]
+        analysis = self._llm_call(messages, stream_cb, temperature=0.2)
+
+        # Extract actual file paths from the response
+        paths = extract_file_paths_from_llm_response(analysis)
+
+        # Validate against actual tree (only keep paths that exist)
+        known_paths = {f["path"] for f in file_tree}
+        valid_paths = [p for p in paths if p in known_paths]
+
+        # If LLM hallucinated paths, fall back to keyword-ranked files
+        if not valid_paths:
+            logger.warning("LLM returned no valid paths — falling back to keyword ranking")
+            valid_paths = [f["path"] for f in ranked_files[:MAX_FILES_TO_ANALYZE]]
+
+        return analysis, valid_paths[:MAX_FILES_TO_ANALYZE]
+
+    def _step3_deep_analysis(
+        self,
+        bug_summary: str,
+        file_contents: Dict[str, str],
+        stream_cb: Optional[Callable] = None,
+    ) -> str:
+        self._current_step = "3_analysis"
+
+        formatted = format_file_contents_for_prompt(file_contents)
+
+        prompt = ROOT_CAUSE_PROMPT.format(
+            bug_summary=bug_summary,
+            file_contents=formatted,
+        )
+
+        messages = [
+            {"role": "system", "content": SYSTEM_MESSAGE},
+            {"role": "user", "content": prompt},
+        ]
+        return self._llm_call(messages, stream_cb, temperature=0.15, max_tokens=6000)
+
+    def _step4_fix_generation(
+        self,
+        root_cause: str,
+        file_contents: Dict[str, str],
+        stream_cb: Optional[Callable] = None,
+    ) -> str:
+        self._current_step = "4_fix"
+
+        formatted = format_file_contents_for_prompt(file_contents)
+
+        # Build list of filepaths for the placeholder
+        filepaths = ", ".join(file_contents.keys()) or "affected_file.py"
+
+        prompt = FIX_GENERATION_PROMPT.format(
+            root_cause=root_cause,
+            file_contents=formatted,
+            filepath_placeholder=filepaths,
+        )
+
+        messages = [
+            {"role": "system", "content": SYSTEM_MESSAGE},
+            {"role": "user", "content": prompt},
+        ]
+        return self._llm_call(messages, stream_cb, temperature=0.1, max_tokens=8000)
+
+    def _step5_explanation(
+        self,
+        bug_summary: str,
+        root_cause: str,
+        diff_formatted: str,
+        stream_cb: Optional[Callable] = None,
+    ) -> str:
+        self._current_step = "5_diff"
+
+        # Shorten root cause for context
+        root_cause_summary = root_cause[:2000] + ("..." if len(root_cause) > 2000 else "")
+
+        prompt = FIX_EXPLANATION_PROMPT.format(
+            bug_summary=bug_summary,
+            root_cause_summary=root_cause_summary,
+            unified_diff=diff_formatted[:3000],
+        )
+
+        messages = [
+            {"role": "system", "content": SYSTEM_MESSAGE},
+            {"role": "user", "content": prompt},
+        ]
+        return self._llm_call(messages, stream_cb, temperature=0.3)
+
+    def _run_confidence_eval(self, analysis: str) -> str:
+        self._current_step = "6_confidence"
+        prompt = CONFIDENCE_EVAL_PROMPT.format(analysis=analysis[:4000])
+        messages = [
+            {"role": "system", "content": SYSTEM_MESSAGE},
+            {"role": "user", "content": prompt},
+        ]
+        return self._llm_call(messages, None, temperature=0.2)
+
+    # ── Helpers ───────────────────────────────────────────────────────────────
+
+    def _llm_call(
+        self,
+        messages: List[Dict],
+        stream_cb: Optional[Callable],
+        temperature: float = 0.3,
+        max_tokens: int = 4096,
+    ) -> str:
+        """
+        Route to streaming or sync call depending on whether a stream callback is provided.
+        """
+        if stream_cb:
+            full_response = ""
+            for chunk in self.llm.chat_stream(messages, temperature, max_tokens):
+                stream_cb(chunk)
+                full_response += chunk
+            return full_response
+        else:
+            return self.llm.chat(messages, temperature, max_tokens)
+
+    def _fetch_issue(self, issue_url: str) -> Dict:
+        return self.gh.fetch_issue(issue_url)
+
+    def _fetch_repo_tree(self, repo_url: str) -> List[Dict]:
+        return self.gh.fetch_repo_tree(repo_url)
+
+    def _emit(self, step: str, status: str, message: str) -> None:
+        self._status(step, status, message)
+        logger.info("[%s] %s: %s", step, status.upper(), message)
+
+    _current_step: str = "init"
+
+
+# ── Wrapper for full report generation ───────────────────────────────────────
+
+def generate_full_report(result: AgentResult) -> str:
+    """
+    Generate a complete markdown report from an AgentResult.
+    Suitable for download/export.
+    """
+    total_time = sum(result.step_timings.values())
+    stats = result.diff_stats
+
+    report = f"""# 🔧 FixFlow Autonomous Bug Resolution Report
+
+**Issue:** [{result.issue_data.get('title', 'Unknown')}]({result.issue_url})  
+**Repository:** {result.repo_url}  
+**Analysis Date:** {time.strftime('%Y-%m-%d %H:%M UTC')}  
+**Total Analysis Time:** {total_time:.1f}s  
+
+---
+
+## 📋 Step 1: Bug Summary
+
+{result.bug_summary}
+
+---
+
+## 🔍 Step 2: Relevant Files Analysis
+
+{result.relevant_files_analysis}
+
+**Files Selected for Analysis:**
+{chr(10).join(f'- `{p}`' for p in result.suspect_file_paths)}
+
+---
+
+## 🔬 Step 3: Root Cause Analysis
+
+{result.root_cause_analysis}
+
+---
+
+## 🔧 Step 4: Proposed Fix
+
+**Diff Statistics:**
+- Files changed: {stats.get('files_changed', 0)}
+- Lines added: +{stats.get('lines_added', 0)}
+- Lines removed: -{stats.get('lines_removed', 0)}
+
+{result.diff_formatted}
+
+---
+
+## 📝 Step 5: Fix Explanation (PR Description)
+
+{result.fix_explanation}
+
+---
+
+{f"## 🎯 Confidence Evaluation{chr(10)}{result.confidence_eval}{chr(10)}{chr(10)}---{chr(10)}" if result.confidence_eval else ""}
+
+## ⏱️ Timing Breakdown
+
+| Step | Duration |
+|------|----------|
+{"".join(f"| {k} | {v:.1f}s |{chr(10)}" for k, v in result.step_timings.items())}
+
+---
+*Generated by FixFlow — Autonomous Bug Resolution Agent powered by GLM 5.1*
+"""
+    return report

backend/code_indexer.py

@@ -0,0 +1,166 @@
+"""
+Code indexer: parses repo structure and helps identify the most
+relevant files for a given bug. No vector DB — pure in-memory.
+"""
+import logging
+import re
+from typing import List, Dict, Optional
+
+from backend.config import CODE_EXTENSIONS, MAX_FILES_TO_ANALYZE
+
+logger = logging.getLogger(__name__)
+
+
+def build_file_tree_string(files: List[Dict], max_lines: int = 300) -> str:
+    """
+    Convert a flat list of file dicts into an indented tree string
+    suitable for LLM context.
+    """
+    paths = sorted(f["path"] for f in files)
+
+    lines = []
+    prev_parts: List[str] = []
+
+    for path in paths:
+        parts = path.split("/")
+        # Find the common prefix depth
+        common = 0
+        for i, (a, b) in enumerate(zip(prev_parts, parts[:-1])):
+            if a == b:
+                common = i + 1
+            else:
+                break
+
+        # Print changed directory levels
+        for depth in range(common, len(parts) - 1):
+            indent = "  " * depth
+            lines.append(f"{indent}📁 {parts[depth]}/")
+
+        indent = "  " * (len(parts) - 1)
+        lines.append(f"{indent}📄 {parts[-1]}")
+        prev_parts = parts[:-1]
+
+        if len(lines) >= max_lines:
+            lines.append(f"... and more files ({len(paths) - paths.index(path) - 1} remaining)")
+            break
+
+    return "\n".join(lines)
+
+
+def format_file_contents_for_prompt(
+    file_contents: Dict[str, str],
+    max_chars_per_file: int = 3000,
+    max_total_chars: int = 20000,
+) -> str:
+    """
+    Format multiple file contents into a single block for LLM context.
+    Truncates long files and respects a total character budget.
+    """
+    sections = []
+    total_chars = 0
+
+    for path, content in file_contents.items():
+        if total_chars >= max_total_chars:
+            sections.append(f"[Remaining files omitted due to context limit]")
+            break
+
+        # Add line numbers for reference
+        lines = content.splitlines()
+        numbered = "\n".join(
+            f"{i+1:4d} | {line}" for i, line in enumerate(lines)
+        )
+
+        if len(numbered) > max_chars_per_file:
+            truncated = numbered[:max_chars_per_file]
+            # Find a clean line boundary
+            last_newline = truncated.rfind("\n")
+            if last_newline > 0:
+                truncated = truncated[:last_newline]
+            numbered = truncated + f"\n\n... [TRUNCATED — {len(lines)} total lines, showing first {truncated.count(chr(10))} lines]"
+
+        section = f"### File: `{path}`\n```\n{numbered}\n```"
+        sections.append(section)
+        total_chars += len(section)
+
+    return "\n\n".join(sections)
+
+
+def extract_file_paths_from_llm_response(response: str) -> List[str]:
+    """
+    Parse file paths from the LLM's relevance ranking response.
+    Looks for backtick-quoted paths like `path/to/file.py` or **`path/to/file.py`**.
+    """
+    # Match paths in backticks
+    patterns = [
+        r"`([a-zA-Z0-9_\-./]+\.[a-zA-Z]+)`",   # `path/to/file.ext`
+        r"\*\*`([a-zA-Z0-9_\-./]+\.[a-zA-Z]+)`\*\*",  # **`path`**
+    ]
+    paths = []
+    for pattern in patterns:
+        found = re.findall(pattern, response)
+        for p in found:
+            if p not in paths and "/" in p or "." in p:
+                paths.append(p)
+
+    return paths[:MAX_FILES_TO_ANALYZE]
+
+
+def rank_files_by_keyword_match(
+    files: List[Dict],
+    keywords: List[str],
+) -> List[Dict]:
+    """
+    Quick keyword-based pre-filter before sending the full list to the LLM.
+    Returns files sorted by keyword match count (descending).
+    """
+    scored = []
+    lc_keywords = [kw.lower() for kw in keywords]
+
+    for f in files:
+        path_lower = f["path"].lower()
+        score = sum(kw in path_lower for kw in lc_keywords)
+        scored.append((score, f))
+
+    scored.sort(key=lambda x: -x[0])
+    return [f for _, f in scored]
+
+
+def extract_keywords_from_issue(issue_data: Dict) -> List[str]:
+    """
+    Extract potential code-relevant keywords from an issue dict.
+    Used for pre-filtering before sending to LLM.
+    """
+    text = " ".join([
+        issue_data.get("title", ""),
+        issue_data.get("body", ""),
+    ]).lower()
+
+    # Extract likely identifiers: CamelCase, snake_case, module names
+    words = re.findall(r"\b[a-zA-Z][a-zA-Z0-9_]{2,}\b", text)
+    # Deduplicate while preserving order
+    seen = set()
+    keywords = []
+    for w in words:
+        lw = w.lower()
+        if lw not in seen and len(lw) > 3:
+            seen.add(lw)
+            keywords.append(lw)
+
+    return keywords[:30]
+
+
+def get_file_summary(path: str, content: str, max_chars: int = 500) -> str:
+    """
+    Generate a quick summary of a file (first N chars of meaningful content).
+    Skips blank lines and comment-only lines at the top.
+    """
+    lines = content.splitlines()
+    meaningful = []
+    for line in lines:
+        stripped = line.strip()
+        if stripped and not stripped.startswith("#") and not stripped.startswith("//"):
+            meaningful.append(line)
+        if len("\n".join(meaningful)) > max_chars:
+            break
+    preview = "\n".join(meaningful)[:max_chars]
+    return preview

backend/config.py

@@ -0,0 +1,49 @@
+"""
+FixFlow Configuration
+All API keys, model config, and constants loaded from environment variables.
+"""
+import os
+from dotenv import load_dotenv
+
+load_dotenv()
+
+# ── LLM Config ──────────────────────────────────────────────────────────────
+GLM_API_KEY: str = os.getenv("GLM_API_KEY", "")
+GLM_BASE_URL: str = os.getenv("GLM_BASE_URL", "https://open.bigmodel.cn/api/paas/v4")
+GLM_MODEL: str = os.getenv("GLM_MODEL", "glm-5-plus")
+
+# ── GitHub Config ────────────────────────────────────────────────────────────
+GITHUB_TOKEN: str = os.getenv("GITHUB_TOKEN", "")
+
+# ── Agent Limits ─────────────────────────────────────────────────────────────
+MAX_FILES_TO_SCAN: int = int(os.getenv("MAX_FILES_TO_SCAN", "100"))
+MAX_FILE_SIZE_BYTES: int = int(os.getenv("MAX_FILE_SIZE_BYTES", "51200"))  # 50 KB
+MAX_FILES_TO_ANALYZE: int = 10      # Top N files sent to deep analysis
+MAX_REPO_FILES: int = 500           # Hard cap on tree traversal
+
+# ── File Filters (skip these in code analysis) ───────────────────────────────
+IGNORE_EXTENSIONS = {
+    ".png", ".jpg", ".jpeg", ".gif", ".svg", ".ico", ".webp",
+    ".mp4", ".mp3", ".wav", ".pdf", ".zip", ".tar", ".gz",
+    ".woff", ".woff2", ".ttf", ".eot",
+    ".lock", ".sum", ".mod",
+    ".pyc", ".pyo", ".pyd",
+    ".class", ".jar",
+    ".DS_Store",
+}
+
+IGNORE_DIRS = {
+    "node_modules", ".git", ".github", "__pycache__", ".venv", "venv",
+    "env", "dist", "build", ".next", ".nuxt", "coverage", ".pytest_cache",
+    "vendor", "third_party", "external", "site-packages",
+}
+
+CODE_EXTENSIONS = {
+    ".py", ".js", ".ts", ".jsx", ".tsx", ".java", ".go", ".rb", ".rs",
+    ".cpp", ".c", ".h", ".hpp", ".cs", ".php", ".swift", ".kt", ".scala",
+    ".sh", ".bash", ".yaml", ".yml", ".toml", ".cfg", ".ini", ".env",
+    ".json", ".xml", ".html", ".css", ".scss", ".sql", ".md",
+}
+
+# ── Timing & Logging ─────────────────────────────────────────────────────────
+LOG_LLM_CALLS: bool = os.getenv("LOG_LLM_CALLS", "true").lower() == "true"

backend/diff_generator.py

@@ -0,0 +1,165 @@
+"""
+Diff generator: creates unified diffs from original vs. fixed file contents.
+"""
+import difflib
+import logging
+from typing import Dict, List, Tuple
+
+logger = logging.getLogger(__name__)
+
+
+def generate_unified_diff(
+    original_content: str,
+    fixed_content: str,
+    filename: str,
+    context_lines: int = 5,
+) -> str:
+    """
+    Generate a unified diff between two versions of a file.
+    Returns the diff as a string.
+    """
+    original_lines = original_content.splitlines(keepends=True)
+    fixed_lines = fixed_content.splitlines(keepends=True)
+
+    diff = difflib.unified_diff(
+        original_lines,
+        fixed_lines,
+        fromfile=f"a/{filename}",
+        tofile=f"b/{filename}",
+        n=context_lines,
+    )
+    return "".join(diff)
+
+
+def generate_all_diffs(
+    original_files: Dict[str, str],
+    fixed_files: Dict[str, str],
+) -> Dict[str, str]:
+    """
+    Generate unified diffs for all changed files.
+    Returns {filepath: diff_string}.
+    Only includes files that actually changed.
+    """
+    diffs = {}
+
+    for filepath, fixed_content in fixed_files.items():
+        original = original_files.get(filepath, "")
+
+        # Normalize line endings for comparison
+        orig_normalized = original.replace("\r\n", "\n").strip()
+        fixed_normalized = fixed_content.replace("\r\n", "\n").strip()
+
+        if orig_normalized == fixed_normalized:
+            logger.info("No changes in %s — skipping diff", filepath)
+            continue
+
+        diff = generate_unified_diff(
+            original,
+            fixed_content,
+            filepath,
+        )
+
+        if diff.strip():
+            diffs[filepath] = diff
+            changed_lines = _count_changed_lines(diff)
+            logger.info(
+                "Generated diff for %s: +%d -%d lines",
+                filepath, changed_lines[0], changed_lines[1],
+            )
+
+    return diffs
+
+
+def _count_changed_lines(diff: str) -> Tuple[int, int]:
+    """Count added and removed lines in a unified diff."""
+    added = sum(1 for line in diff.splitlines() if line.startswith("+") and not line.startswith("+++"))
+    removed = sum(1 for line in diff.splitlines() if line.startswith("-") and not line.startswith("---"))
+    return added, removed
+
+
+def format_diff_for_display(diffs: Dict[str, str]) -> str:
+    """
+    Format all diffs into a single markdown code block for display.
+    """
+    if not diffs:
+        return "No changes generated."
+
+    parts = []
+    for filepath, diff in diffs.items():
+        added, removed = _count_changed_lines(diff)
+        parts.append(
+            f"### `{filepath}` (+{added} / -{removed} lines)\n"
+            f"```diff\n{diff}\n```"
+        )
+
+    return "\n\n".join(parts)
+
+
+def parse_fixed_files_from_llm_response(
+    response: str,
+    suspect_files: List[str],
+) -> Dict[str, str]:
+    """
+    Parse the LLM's fix generation response to extract {filepath: content}.
+    
+    The LLM is asked to output:
+      ### Fix for `path/to/file.py`
+      ```python
+      <full file content>
+      ```
+    
+    This function extracts those code blocks.
+    """
+    import re
+
+    fixed_files = {}
+
+    # Pattern: ### Fix for `filepath` ... ```lang\n<content>\n```
+    pattern = re.compile(
+        r"Fix for `([^`]+)`.*?```(?:\w+)?\n(.*?)```",
+        re.DOTALL | re.IGNORECASE,
+    )
+
+    for match in pattern.finditer(response):
+        filepath = match.group(1).strip()
+        content = match.group(2)
+
+        # Clean up the content
+        content = content.rstrip()
+
+        # Verify the filepath looks reasonable
+        if "/" in filepath or "." in filepath:
+            fixed_files[filepath] = content
+            logger.info("Parsed fixed content for: %s (%d chars)", filepath, len(content))
+
+    # Fallback: try to match any filepath from suspect_files
+    if not fixed_files:
+        logger.warning("Could not parse fix blocks from LLM response — trying fallback")
+        for fp in suspect_files:
+            # Look for content near the filename mention
+            escaped = re.escape(fp)
+            m = re.search(
+                escaped + r".*?```(?:\w+)?\n(.*?)```",
+                response,
+                re.DOTALL,
+            )
+            if m:
+                fixed_files[fp] = m.group(1).rstrip()
+
+    return fixed_files
+
+
+def get_diff_stats(diffs: Dict[str, str]) -> Dict:
+    """Return aggregate stats about the diffs."""
+    total_added = 0
+    total_removed = 0
+    for diff in diffs.values():
+        a, r = _count_changed_lines(diff)
+        total_added += a
+        total_removed += r
+
+    return {
+        "files_changed": len(diffs),
+        "lines_added": total_added,
+        "lines_removed": total_removed,
+    }

backend/github_client.py

@@ -0,0 +1,243 @@
+"""
+GitHub client for fetching issues, repo trees, and file contents.
+Supports both public repos (no auth) and private repos (with token).
+"""
+import re
+import logging
+from typing import Dict, List, Optional, Tuple
+from urllib.parse import urlparse
+
+import requests
+from github import Github, GithubException, Auth
+
+from backend.config import (
+    GITHUB_TOKEN,
+    IGNORE_EXTENSIONS,
+    IGNORE_DIRS,
+    CODE_EXTENSIONS,
+    MAX_FILE_SIZE_BYTES,
+    MAX_REPO_FILES,
+)
+
+logger = logging.getLogger(__name__)
+
+
+# ── URL Parsing Helpers ───────────────────────────────────────────────────────
+
+def parse_issue_url(issue_url: str) -> Tuple[str, str, int]:
+    """
+    Parse a GitHub issue URL into (owner, repo, issue_number).
+    Supports:
+      https://github.com/owner/repo/issues/123
+    """
+    issue_url = issue_url.strip().rstrip("/")
+    pattern = r"github\.com/([^/]+)/([^/]+)/issues/(\d+)"
+    match = re.search(pattern, issue_url)
+    if not match:
+        raise ValueError(
+            f"Could not parse GitHub issue URL: {issue_url!r}\n"
+            "Expected format: https://github.com/owner/repo/issues/123"
+        )
+    owner, repo, issue_num = match.groups()
+    return owner, repo, int(issue_num)
+
+
+def parse_repo_url(repo_url: str) -> Tuple[str, str]:
+    """
+    Parse a GitHub repo URL into (owner, repo).
+    Supports:
+      https://github.com/owner/repo
+      https://github.com/owner/repo.git
+    """
+    repo_url = repo_url.strip().rstrip("/").removesuffix(".git")
+    pattern = r"github\.com/([^/]+)/([^/]+)"
+    match = re.search(pattern, repo_url)
+    if not match:
+        raise ValueError(
+            f"Could not parse GitHub repo URL: {repo_url!r}\n"
+            "Expected format: https://github.com/owner/repo"
+        )
+    owner, repo = match.groups()
+    return owner, repo
+
+
+# ── GitHub Client ─────────────────────────────────────────────────────────────
+
+class GitHubClient:
+    """Wraps PyGithub for FixFlow's use cases."""
+
+    def __init__(self, token: Optional[str] = None):
+        tok = token or GITHUB_TOKEN
+        if tok:
+            auth = Auth.Token(tok)
+            self._gh = Github(auth=auth)
+        else:
+            self._gh = Github()  # unauthenticated (60 req/hr)
+        self._rate_limit_warned = False
+
+    # ── Issue Fetching ────────────────────────────────────────────────────────
+
+    def fetch_issue(self, issue_url: str) -> Dict:
+        """
+        Fetch a GitHub issue and return a structured dict:
+        {title, body, labels, state, author, comments, url}
+        """
+        owner, repo_name, issue_num = parse_issue_url(issue_url)
+        logger.info("Fetching issue #%d from %s/%s", issue_num, owner, repo_name)
+
+        try:
+            repo = self._gh.get_repo(f"{owner}/{repo_name}")
+            issue = repo.get_issue(number=issue_num)
+        except GithubException as e:
+            raise RuntimeError(
+                f"Failed to fetch issue from GitHub: {e.data.get('message', str(e))}"
+            ) from e
+
+        # Collect top comments (up to 10)
+        comments = []
+        try:
+            for comment in issue.get_comments():
+                comments.append({
+                    "author": comment.user.login if comment.user else "unknown",
+                    "body": comment.body or "",
+                    "created_at": str(comment.created_at),
+                })
+                if len(comments) >= 10:
+                    break
+        except GithubException:
+            pass
+
+        return {
+            "title": issue.title or "",
+            "body": issue.body or "",
+            "labels": [lbl.name for lbl in issue.labels],
+            "state": issue.state,
+            "author": issue.user.login if issue.user else "unknown",
+            "url": issue.html_url,
+            "number": issue_num,
+            "comments": comments,
+            "repo_owner": owner,
+            "repo_name": repo_name,
+        }
+
+    # ── Repo Tree ─────────────────────────────────────────────────────────────
+
+    def fetch_repo_tree(
+        self,
+        repo_url: str,
+        token: Optional[str] = None,
+    ) -> List[Dict]:
+        """
+        Return a flat list of code files in the repo.
+        Each entry: {path, size, type}
+        Filters out binary files, ignored dirs, etc.
+        """
+        owner, repo_name = parse_repo_url(repo_url)
+        logger.info("Fetching repo tree for %s/%s", owner, repo_name)
+
+        # Refresh client if a token was provided on this call
+        if token and not GITHUB_TOKEN:
+            auth = Auth.Token(token)
+            self._gh = Github(auth=auth)
+
+        try:
+            repo = self._gh.get_repo(f"{owner}/{repo_name}")
+            # Use recursive git tree for efficiency
+            tree = repo.get_git_tree("HEAD", recursive=True)
+        except GithubException as e:
+            raise RuntimeError(
+                f"Failed to fetch repo tree: {e.data.get('message', str(e))}"
+            ) from e
+
+        files = []
+        for item in tree.tree:
+            if item.type != "blob":
+                continue
+            path = item.path
+
+            # Skip ignored directories
+            parts = path.split("/")
+            if any(p in IGNORE_DIRS for p in parts[:-1]):
+                continue
+
+            # Skip ignored/non-code extensions
+            ext = "." + path.rsplit(".", 1)[-1].lower() if "." in path else ""
+            if ext in IGNORE_EXTENSIONS:
+                continue
+            if ext not in CODE_EXTENSIONS and ext:
+                continue
+
+            # Skip overly large files
+            size = item.size or 0
+            if size > MAX_FILE_SIZE_BYTES:
+                logger.debug("Skipping large file (%d bytes): %s", size, path)
+                continue
+
+            files.append({"path": path, "size": size, "type": item.type})
+            if len(files) >= MAX_REPO_FILES:
+                logger.warning("Hit MAX_REPO_FILES limit (%d)", MAX_REPO_FILES)
+                break
+
+        logger.info("Found %d code files in %s/%s", len(files), owner, repo_name)
+        return files
+
+    # ── File Content ──────────────────────────────────────────────────────────
+
+    def fetch_file_content(
+        self,
+        repo_url: str,
+        file_path: str,
+    ) -> str:
+        """
+        Fetch the raw text content of a single file from the repo.
+        Returns empty string on failure (binary, too large, etc).
+        """
+        owner, repo_name = parse_repo_url(repo_url)
+        try:
+            repo = self._gh.get_repo(f"{owner}/{repo_name}")
+            content_obj = repo.get_contents(file_path)
+            # Handle list (shouldn't happen for blobs, but defensive)
+            if isinstance(content_obj, list):
+                content_obj = content_obj[0]
+            if content_obj.size > MAX_FILE_SIZE_BYTES:
+                return f"[File too large to display: {content_obj.size} bytes]"
+            decoded = content_obj.decoded_content
+            return decoded.decode("utf-8", errors="replace")
+        except GithubException as e:
+            logger.warning("Could not fetch %s: %s", file_path, e)
+            return ""
+        except Exception as e:
+            logger.warning("Error decoding %s: %s", file_path, e)
+            return ""
+
+    def fetch_multiple_files(
+        self,
+        repo_url: str,
+        file_paths: List[str],
+    ) -> Dict[str, str]:
+        """
+        Fetch contents of multiple files. Returns {path: content} dict.
+        """
+        result = {}
+        owner, repo_name = parse_repo_url(repo_url)
+        logger.info("Fetching %d files from %s/%s", len(file_paths), owner, repo_name)
+
+        for path in file_paths:
+            content = self.fetch_file_content(repo_url, path)
+            if content:
+                result[path] = content
+        return result
+
+    # ── Rate Limit Info ───────────────────────────────────────────────────────
+
+    def get_rate_limit_info(self) -> Dict:
+        """Return current GitHub API rate limit information."""
+        try:
+            rl = self._gh.get_rate_limit()
+            return {
+                "core_remaining": rl.core.remaining,
+                "core_limit": rl.core.limit,
+                "reset_at": str(rl.core.reset),
+            }
+        except Exception:
+            return {}

backend/llm_client.py

@@ -0,0 +1,99 @@
+"""
+LLM Client for GLM 5.1 via Z.ai API (OpenAI-compatible endpoint).
+"""
+import time
+import logging
+from typing import Iterator, List, Dict, Any, Optional
+import openai
+from backend.config import GLM_API_KEY, GLM_BASE_URL, GLM_MODEL, LOG_LLM_CALLS
+
+logger = logging.getLogger(__name__)
+
+
+class GLMClient:
+    """OpenAI-compatible wrapper for Z.ai's GLM models."""
+
+    def __init__(
+        self,
+        api_key: Optional[str] = None,
+        base_url: str = GLM_BASE_URL,
+        model: str = GLM_MODEL,
+    ):
+        self.api_key = api_key or GLM_API_KEY
+        self.base_url = base_url
+        self.model = model
+        self._client: Optional[openai.OpenAI] = None
+
+    def _get_client(self) -> openai.OpenAI:
+        if self._client is None:
+            if not self.api_key:
+                raise ValueError(
+                    "GLM API key is not set. Please provide it in the sidebar or .env file."
+                )
+            self._client = openai.OpenAI(
+                api_key=self.api_key,
+                base_url=self.base_url,
+            )
+        return self._client
+
+    def chat(
+        self,
+        messages: List[Dict[str, str]],
+        temperature: float = 0.3,
+        max_tokens: int = 4096,
+    ) -> str:
+        """Synchronous chat completion. Returns the full response string."""
+        client = self._get_client()
+        start = time.time()
+
+        if LOG_LLM_CALLS:
+            logger.info(
+                "[GLM] chat() | model=%s | messages=%d | temp=%.1f",
+                self.model, len(messages), temperature,
+            )
+
+        response = client.chat.completions.create(
+            model=self.model,
+            messages=messages,
+            temperature=temperature,
+            max_tokens=max_tokens,
+        )
+        content = response.choices[0].message.content or ""
+        elapsed = time.time() - start
+
+        if LOG_LLM_CALLS:
+            logger.info("[GLM] completed in %.2fs | output_chars=%d", elapsed, len(content))
+
+        return content
+
+    def chat_stream(
+        self,
+        messages: List[Dict[str, str]],
+        temperature: float = 0.3,
+        max_tokens: int = 4096,
+    ) -> Iterator[str]:
+        """Streaming chat completion. Yields text chunks as they arrive."""
+        client = self._get_client()
+
+        if LOG_LLM_CALLS:
+            logger.info(
+                "[GLM] chat_stream() | model=%s | messages=%d",
+                self.model, len(messages),
+            )
+
+        response = client.chat.completions.create(
+            model=self.model,
+            messages=messages,
+            temperature=temperature,
+            max_tokens=max_tokens,
+            stream=True,
+        )
+        for chunk in response:
+            delta = chunk.choices[0].delta
+            if delta and delta.content:
+                yield delta.content
+
+    def update_api_key(self, api_key: str) -> None:
+        """Allow hot-swapping the API key (e.g. from Streamlit sidebar)."""
+        self.api_key = api_key
+        self._client = None  # Force re-initialization

backend/prompts.py

@@ -0,0 +1,294 @@
+"""
+All LLM prompt templates for the FixFlow agent pipeline.
+Each prompt includes a system message + user message pair.
+"""
+
+# ── Shared system message ─────────────────────────────────────────────────────
+SYSTEM_MESSAGE = (
+    "You are FixFlow, an expert senior debugging engineer with 20+ years of "
+    "experience in software debugging, code review, and root cause analysis. "
+    "You systematically analyze bug reports and codebases to identify root causes "
+    "and generate precise, minimal fixes. You ALWAYS show your reasoning step-by-step. "
+    "You reference specific files, functions, and line numbers. "
+    "Your analysis is thorough, your explanations are clear, and your fixes are "
+    "safe and well-reasoned. You never make assumptions without stating them."
+)
+
+
+# ── Step 1: Issue Understanding ───────────────────────────────────────────────
+ISSUE_ANALYSIS_PROMPT = """You have been given a GitHub issue to analyze. Your task is to extract a structured bug summary.
+
+## GitHub Issue Details
+
+**Title:** {title}
+
+**Body:**
+{body}
+
+**Labels:** {labels}
+
+**Comments (most relevant):**
+{comments}
+
+---
+
+## Your Task
+
+Carefully read the issue and extract the following information. Be precise and include exact quotes where relevant.
+
+Respond with a structured markdown document using EXACTLY this format:
+
+### 🐛 Error Message
+(The exact error message, exception, or failure description. Quote directly if possible.)
+
+### ✅ Expected Behavior
+(What the user/reporter expected to happen)
+
+### ❌ Actual Behavior
+(What actually happened — the bug behavior)
+
+### 🔁 Reproduction Steps
+(Numbered list of steps to reproduce, if provided)
+
+### 🎯 Affected Components
+(Your best guess at which modules, files, functions, or subsystems are affected based on the issue text. List as bullet points.)
+
+### 🔍 Key Technical Clues
+(Specific technical details: version numbers, stack traces, config values, edge cases — anything that will help locate the bug)
+
+### 💡 Hypothesis
+(Your initial hypothesis about the root cause, stated clearly with reasoning)
+
+Be thorough but concise. If information is not available, write "Not specified" rather than guessing.
+"""
+
+
+# ── Step 2: Codebase Mapping ──────────────────────────────────────────────────
+FILE_RELEVANCE_PROMPT = """You are analyzing a codebase to find files relevant to a bug report.
+
+## Bug Summary
+{bug_summary}
+
+## Repository File Tree
+```
+{file_tree}
+```
+
+## Repository: {repo_name}
+
+---
+
+## Your Task
+
+Identify the TOP 5-10 most relevant files that are likely related to this bug. 
+
+Think step-by-step:
+1. First, consider what the error message tells you about the code path
+2. Then look at affected components mentioned in the bug
+3. Consider entry points, utilities, and configuration files
+4. Look for files matching the error traceback if one was provided
+
+Respond with EXACTLY this format:
+
+### 🗺️ Codebase Analysis
+
+**Repository structure overview:** (2-3 sentences about what kind of codebase this is)
+
+### 📁 Relevant Files (Ranked by Suspicion)
+
+For each file, provide:
+
+**[Rank]. `path/to/file.py`**
+- **Relevance score:** X/10
+- **Why relevant:** (specific reasoning — what in this file could cause the bug)
+- **What to look for:** (specific functions, classes, or patterns to inspect)
+
+---
+
+(Repeat for each file, ranked from most to least suspicious)
+
+### 🔎 Files to Skip
+(Brief note on any obviously irrelevant areas of the codebase)
+"""
+
+
+# ── Step 3: Deep Code Analysis ────────────────────────────────────────────────
+ROOT_CAUSE_PROMPT = """You are performing a deep code analysis to identify the root cause of a bug.
+
+## Bug Summary
+{bug_summary}
+
+## Suspect Files and Content
+
+{file_contents}
+
+---
+
+## Your Task
+
+Trace the execution flow and identify the EXACT root cause of the bug. 
+
+**You MUST:**
+- Reference specific file names, function names, and line numbers
+- Show your chain-of-thought reasoning
+- Trace the call chain from entry point to failure
+- Identify the exact line(s) where the bug originates
+
+Respond with EXACTLY this format:
+
+### 🔬 Root Cause Analysis
+
+#### Executive Summary
+(1-2 sentences: what is the root cause in plain English)
+
+#### 🧠 Chain-of-Thought Reasoning
+
+**Step 1: Entry Point**
+(Where does execution start for this bug? What triggers it?)
+
+**Step 2: Execution Trace**
+(Follow the code path step by step. For each step, cite: `filename.py:function_name()` or `filename.py:LineN`)
+
+**Step 3: The Bug**
+(The exact location and nature of the bug. Be precise: "In `file.py`, line N, function `foo()` does X when it should do Y because...")
+
+**Step 4: Why This Causes the Reported Behavior**
+(Connect the bug to the symptoms described in the issue)
+
+#### 📍 Bug Location
+- **File:** `path/to/file.py`
+- **Function/Class:** `function_name()` / `ClassName`
+- **Line(s):** ~N (approximate)
+- **Type:** (e.g., off-by-one error, null check missing, race condition, type mismatch, etc.)
+
+#### ⚠️ Contributing Factors
+(Any secondary issues, missed validations, or design problems that make this worse)
+
+#### 🎯 Confidence Level
+(High/Medium/Low) — and why
+
+Be thorough. Show your work. Reference specific code.
+"""
+
+
+# ── Step 4: Fix Generation ────────────────────────────────────────────────────
+FIX_GENERATION_PROMPT = """You are generating a precise, minimal fix for a confirmed bug.
+
+## Root Cause Analysis
+{root_cause}
+
+## Files to Fix
+
+{file_contents}
+
+---
+
+## Your Task
+
+Generate corrected versions of the affected files. 
+
+**Rules for the fix:**
+1. Make the MINIMAL change needed — don't refactor unrelated code
+2. The fix must directly address the root cause identified above
+3. Add a comment explaining WHY the change was made (not just what)
+4. Preserve existing code style, formatting, and conventions
+5. Consider edge cases your fix must handle
+
+For EACH file that needs changes, provide:
+
+---
+
+### Fix for `{filepath_placeholder}`
+
+**What changed and why:**
+(Brief explanation of the change)
+
+**Fixed code:**
+```python
+(FULL content of the fixed file — complete, not just the changed section)
+```
+
+---
+
+If multiple files need changes, repeat the above section for each file.
+
+After all fixes, add:
+
+### ✅ Fix Summary
+- Files changed: N
+- Nature of fix: (one-liner)
+- Risk level: Low/Medium/High (and why)
+- Edge cases handled: (bullet list)
+"""
+
+
+# ── Step 5: Fix Explanation ───────────────────────────────────────────────────
+FIX_EXPLANATION_PROMPT = """You are writing a human-readable explanation of a code fix for a pull request.
+
+## Original Bug
+{bug_summary}
+
+## Root Cause
+{root_cause_summary}
+
+## Changes Made (Unified Diff)
+```diff
+{unified_diff}
+```
+
+---
+
+## Your Task
+
+Write a clear, friendly, professional pull request description that a human reviewer can read to quickly understand and verify this fix.
+
+Respond with EXACTLY this format:
+
+### 📝 Pull Request: Fix for [bug title]
+
+#### 🐛 Problem
+(What was the bug? 2-3 sentences, non-technical enough for a manager to understand)
+
+#### 🔍 Root Cause
+(Technical explanation of WHY this bug existed — 3-5 sentences)
+
+#### 🔧 Solution
+(What was changed and how it fixes the problem — reference specific lines/functions)
+
+#### 📋 Changes
+(For each changed file, one bullet: "`filename.py` — what changed and why")
+
+#### 🧪 Testing Recommendations
+(How a reviewer should verify this fix works — what to test, what edge cases to check)
+
+#### ⚠️ Potential Side Effects
+(Any risks or areas that could be affected by this change. If none, say "None identified.")
+
+#### 📚 Related Issues / References
+(Any related issues, docs, or context that helps understand this fix)
+
+Write this as if you're a careful, experienced engineer who wants the reviewer to feel confident merging this PR.
+"""
+
+
+# ── Confidence Self-Evaluation (Stretch feature) ──────────────────────────────
+CONFIDENCE_EVAL_PROMPT = """Review your own analysis and rate your confidence.
+
+## Analysis Summary
+{analysis}
+
+## Self-Evaluation
+
+Rate the following on a scale of 1-10 and explain:
+
+1. **Root Cause Confidence** (1-10): How certain are you the identified root cause is correct?
+2. **Fix Correctness** (1-10): How confident are you the proposed fix will resolve the issue?
+3. **Fix Safety** (1-10): How safe is the fix (no regressions, no side effects)?
+4. **Completeness** (1-10): How complete is your analysis (nothing important missed)?
+
+**Overall Score:** X/10
+
+**Uncertainty Factors:** (What would change your diagnosis?)
+
+**Recommended Next Steps:** (What additional verification would increase confidence?)
+"""

demo/example_output.md

@@ -0,0 +1,151 @@
+# FixFlow Sample Output — FastAPI Bug Analysis
+
+**Issue:** [FastAPI response_model doesn't strip extra fields when using Pydantic v2](https://github.com/tiangolo/fastapi/issues/10876)  
+**Repository:** https://github.com/tiangolo/fastapi  
+**Analysis Time:** 87.3s  
+
+---
+
+## 📋 Step 1: Bug Summary
+
+### 🐛 Error Message
+> "When using `response_model` in FastAPI with Pydantic v2, extra fields defined in the response model are NOT stripped from the response. This breaks the behavior expected from the `response_model_exclude_unset` pattern."
+
+### ✅ Expected Behavior
+When a route has a `response_model` set, FastAPI should filter the response to only include fields defined in that model, stripping any additional fields from the underlying return value.
+
+### ❌ Actual Behavior
+Extra fields from the returned object are included in the JSON response even when a `response_model` is specified. This is a regression from Pydantic v1 behavior.
+
+### 🔁 Reproduction Steps
+1. Install `fastapi>=0.100.0` with `pydantic>=2.0.0`
+2. Define a route: `@app.get("/users/{id}", response_model=UserOut)`
+3. Return a `UserDB` object with extra fields not in `UserOut`
+4. Observe: response includes the extra fields
+
+### 🎯 Affected Components
+- `fastapi/routing.py` — route handler serialization logic
+- `fastapi/_compat.py` — Pydantic v1/v2 compatibility layer
+- `fastapi/encoders.py` — JSON encoding pipeline
+
+### 🔍 Key Technical Clues
+- Introduced after Pydantic v2 migration
+- `_get_value()` in `fastapi/_compat.py` changed behavior for model instances
+- The `model_dump(exclude_unset=True)` call may not be filtering correctly
+
+### 💡 Hypothesis
+The Pydantic v2 compatibility layer in `_compat.py` is not correctly calling `model_dump()` with the `include`/`exclude` parameters that respect the `response_model` field constraints. The v2 migration changed how model field serialization works.
+
+---
+
+## 🔍 Step 2: Relevant Files
+
+### 📁 Relevant Files (Ranked by Suspicion)
+
+**1. `fastapi/_compat.py`**
+- **Relevance score:** 10/10
+- **Why relevant:** This is the Pydantic v1/v2 compatibility shim. All serialization changes went through here during the v2 migration.
+- **What to look for:** `_get_value()`, `serialize_response()`, any calls to `model_dump()`
+
+**2. `fastapi/routing.py`**
+- **Relevance score:** 9/10  
+- **Why relevant:** Contains `serialize_response()` calls that apply `response_model` filtering.
+- **What to look for:** `get_request_handler()`, how `response_model_include` and `response_model_exclude` are passed.
+
+**3. `fastapi/encoders.py`**
+- **Relevance score:** 7/10
+- **Why relevant:** `jsonable_encoder()` handles the final conversion to JSON-safe types.
+- **What to look for:** Whether `include`/`exclude` sets are respected for Pydantic v2 models.
+
+---
+
+## 🔬 Step 3: Root Cause Analysis
+
+### Executive Summary
+In `fastapi/_compat.py`, the `_get_value()` function for Pydantic v2 models calls `model_dump()` without passing the `include` parameter derived from the `response_model`'s field set, causing all fields to be serialized instead of only those defined in the response model.
+
+### 🧠 Chain-of-Thought Reasoning
+
+**Step 1: Entry Point**
+A GET request hits a route decorated with `@app.get("/users/{id}", response_model=UserOut)`. FastAPI's `routing.py:get_request_handler()` is invoked, which calls `serialize_response()`.
+
+**Step 2: Execution Trace**
+- `routing.py:serialize_response()` → calls `_compat.py:serialize_response()` with `response_model=UserOut`
+- `_compat.py:serialize_response()` calls `_get_value(response, field=response_model_field, ...)`
+- **Here's the bug:** For Pydantic v2, `_get_value()` calls `value.model_dump()` but does NOT pass `include=field_set` where `field_set` contains only the fields defined in `UserOut`
+
+**Step 3: The Bug**
+In `fastapi/_compat.py`, around line 215, the v2 branch of `_get_value()`:
+```python
+# BUGGY (current):
+return value.model_dump(exclude_unset=exclude_unset, by_alias=by_alias)
+
+# Should be:
+return value.model_dump(
+    include=include,
+    exclude=exclude,
+    exclude_unset=exclude_unset,
+    by_alias=by_alias,
+)
+```
+The `include` parameter (containing the `response_model`'s allowed fields) is accepted as a function argument but silently dropped in the v2 code path.
+
+**Step 4: Why This Causes the Reported Behavior**
+Without the `include` parameter, `model_dump()` serializes ALL fields of the returned object, bypassing the `response_model` restriction. In Pydantic v1, `_get_value()` used `dict()` which was correctly called with `include` — this broke during the v2 migration.
+
+### 📍 Bug Location
+- **File:** `fastapi/_compat.py`
+- **Function/Class:** `_get_value()`
+- **Line(s):** ~215
+- **Type:** Missing parameter pass-through (regression from Pydantic v2 migration)
+
+### 🎯 Confidence Level
+**High** — The bug is clearly a missing parameter in a well-understood code path. The fix is straightforward and surgical.
+
+---
+
+## 🔧 Step 4: Proposed Fix
+
+```diff
+--- a/fastapi/_compat.py
++++ b/fastapi/_compat.py
+@@ -212,7 +212,11 @@ def _get_value(
+         if PYDANTIC_V2:
+             if isinstance(value, BaseModel):
+-                return value.model_dump(exclude_unset=exclude_unset, by_alias=by_alias)
++                # Pass include/exclude to respect response_model field constraints
++                # This was missing after the Pydantic v2 migration (regression fix)
++                return value.model_dump(
++                    include=include,
++                    exclude=exclude,
++                    exclude_unset=exclude_unset,
++                    by_alias=by_alias,
++                )
+```
+
+---
+
+## 📝 Step 5: PR Description
+
+### 📝 Pull Request: Fix response_model field filtering with Pydantic v2
+
+#### 🐛 Problem
+When using FastAPI with Pydantic v2, the `response_model` parameter on route decorators no longer strips extra fields from responses. A route returning a `UserDB` object (with password, internal fields) but declaring `response_model=UserOut` would incorrectly expose the extra fields to clients.
+
+#### 🔍 Root Cause
+During the Pydantic v2 migration, `fastapi/_compat.py`'s `_get_value()` function lost the `include` parameter pass-through in the v2 code path. The `model_dump()` call was not forwarding the field inclusion constraints derived from the `response_model`.
+
+#### 🔧 Solution
+Added `include=include` and `exclude=exclude` parameters to the `model_dump()` call in the Pydantic v2 branch of `_get_value()`. This restores the Pydantic v1 behavior where only `response_model` fields are serialized.
+
+#### 🧪 Testing Recommendations
+1. Create a route returning an object with extra fields, verify response only includes `response_model` fields
+2. Test `response_model_exclude_unset=True` still works correctly
+3. Run existing test suite: `pytest tests/test_response_model.py -v`
+
+#### ⚠️ Potential Side Effects
+None identified. Change only affects the Pydantic v2 code path and is additive — it passes parameters that were already being constructed but not forwarded.
+
+---
+
+*Generated by FixFlow — Autonomous Bug Resolution Agent powered by GLM 5.1 (Z.ai)*

requirements.txt

@@ -0,0 +1,5 @@
+streamlit>=1.30.0
+openai>=1.0.0
+PyGithub>=2.1.0
+requests>=2.31.0
+python-dotenv>=1.0.0