Discussion: mirror Area into a native field and add suggestion-only AI triage over the post-#948 residual

[isaacschepp]

Context / Problem

This is a forward-looking design discussion (hence Discussion), not a defect. It asks whether the Area classification axis should stay label-only or graduate to GitHub's native structured metadata, and whether opt-in AI triage is worth adding once the labeler is fixed.

Two observations motivate it:

1. The org already uses native Issue Types. genealogix exposes types {Task, Bug, Feature, Enhancement, Infrastructure, Discussion} and they are applied across the tracker. That means the historical kind-of-work axis is increasingly served natively — and Area is now the one classification axis still living entirely on labels (sourced from .github/issue-areas.yml, applied by .github/workflows/issue-labeler.yml). Area is a textbook single-select, which makes it the natural candidate to mirror into a native field if/when that buys us better filtering.

2. The needs-triage residual is tiny once the labeler is fixed. 72 issues currently carry needs-triage, but 67 are issue-labeler false positives (see the additive-needs-triage bug filed in this review); only 5 are genuinely unclassified (Analyze output passes attacker-controlled YAML names through ESC bytes to the terminal #925, GEDCOM import: preserve Ancestry media _OID (OBJE media object id) instead of dropping it #944, fix: media path containment follows symlinks out of the archive directory (glx view + copyMediaFile) #972, Several standard source types downgrade to "other" on GLX→GEDCOM→GLX round-trip #1005, fix: ExtractFirstYear reads day-of-month as year for non-ISO Gregorian dates #1025). After that fix lands, the true residual is small — which is exactly the scope where opt-in AI assistance is worth it, and only there.

Guiding constraint: the project's SLSA/Scorecard posture means preview / GitHub-hosted features must not become load-bearing. .github/issue-areas.yml stays the single source of truth; any native field is a filterable mirror, never the canonical store.

Proposal / Recommendation

Three related, sequenced options to evaluate. Keep issue-areas.yml canonical throughout.

(A) Mirror Area into a native single-select (Projects custom field, and/or an org-level Issue Field if/when that reaches GA).

• Options sourced from issue-areas.yml, kept in sync; the labeler/automation sets the field alongside the existing label so Area is filterable in board/native views without inventing a parallel taxonomy.
• Decide explicitly what the legacy kind label (tooling) still buys us now that the native Infrastructure type covers much of that axis — this connects to the taxonomy-redesign discussion filed in this review.
• Treat any native field as a mirror; do not retire the YAML source.

(B) Suggestion-only AI triage over the residual — sequenced AFTER the labeler fix.

• Run only after the additive-needs-triage bug is fixed, so it sees the true ~5-item residual, not the ~67 false positives.
• Label-triggered (e.g. a request ai triage label), never on issues: opened — keep it off the hot path.
• If adopted, use a SHA-pinned GitHub Models / AI-inference action with least-privilege permissions (models: read, issues: write only if it writes a label/comment). Confirm the action's current pinned release at adoption time rather than trusting a hard-coded version here.
• Suggestion-only: post a suggested area as a comment or an ai-suggested-area:* label and leave needs-triage in place until a human confirms. Human-in-the-loop is mandatory.
• Never let the model override an explicit human Area selection — issue.body is attacker-controllable, so treat AI triage as a prompt-injection surface and keep it advisory only.
• Depends on routing security/embargoed reports off the public tracker (config.yml: add contact_links to route questions, chat, and security off the issue tracker #884) so the model never sees embargoed report bodies.

(C) If area/* label namespacing is ever adopted, fold it into a labels-as-code migration, not standalone.

• Store bare values in issue-areas.yml; sync them as area/<value> labels via a manifest (the labels-as-code option discussed on issue-labeler: a valid Area whose repo label is missing hard-fails gh --add-label (drift check guards options, not label existence) #946).
• The whole-tracker relabel cost only pays off if amortized into that cutover — do the labels + issue relabel in one atomic pass to avoid double-relabeling and broken saved filters.

Acceptance criteria

• Decision recorded on whether Area becomes a native single-select (Projects field now / org Issue Field at GA) or stays label-only — with issue-areas.yml remaining canonical regardless.
• If (A) proceeds: a native Area field exists with options synced from issue-areas.yml, set alongside the label; the role of the legacy tooling/kind label vs. the native Infrastructure type is documented.
• (B), if adopted: label-triggered only (no issues: opened), SHA-pinned action, least-privilege permissions, suggestion-only (comment or ai-suggested-area:*), leaves needs-triage until a human confirms, never overrides an explicit Area selection.
• (B) is sequenced after the labeler needs-triage fix (true residual) and config.yml: add contact_links to route questions, chat, and security off the issue tracker #884 (no embargoed bodies reach the model).
• (C) any area/* namespacing rides the labels-as-code cutover in one atomic relabel pass, not standalone.
• No preview / GitHub-hosted feature becomes load-bearing for the canonical archive (SLSA/Scorecard posture preserved).

Relates to

• Sequenced after: issue-labeler: land the deferred form-aware labeler swap — id-keyed form parsing instead of the awk markdown parse (#915 groundwork) #948 (form-aware labeler swap — narrows the residual), config.yml: add contact_links to route questions, chat, and security off the issue tracker #884 (route security/questions off-tracker — keeps embargoed bodies away from any model).
• Connects to: the Area-taxonomy redesign and the labels-as-code option on issue-labeler: a valid Area whose repo label is missing hard-fails gh --add-label (drift check guards options, not label existence) #946 (part C rides that cutover).
• Builds on closed groundwork: issue-labeler: single source of truth for Area options, robust parsing, and a triage fallback #885 (single source of truth for Area options), feature_request.yml: separate Feature vs Enhancement intake and surface the spec-change proposal path #887 (Feature vs Enhancement intake).
• Adjacent labeler/drift work: issue-labeler: a valid Area whose repo label is missing hard-fails gh --add-label (drift check guards options, not label existence) #946, issue-labeler + templates-drift: revert the YAML read from system PyYAML to the manifest-pinned yq (the #915 switch inverted the reliability argument) #947, issue-templates-drift.yml: drift check hard-codes the 3 template paths while its trigger globs ISSUE_TEMPLATE/*.yml — a 4th template's Area dropdown drifts unchecked #949, issue-templates-drift.yml: add a concurrency group (the lone PR-triggered workflow without one) #950, ci: add zizmor + actionlint static analysis for workflow files #928, ci: set persist-credentials: false on read-only checkout steps (artipacked hardening) #945, .github/CLAUDE.md: document the three CI drift gates (docs-cli, schema warn-vs-fail, issue-areas.yml) for editing agents #1048.

Filed from a forward-looking 2026 review of the issue-intake subsystem. The native-feature specifics above are deliberately hedged — confirm current GitHub feature availability and action pin versions at adoption time.

---

Part of a focused review of .github/issue-areas.yml and its labeling machinery; taxonomy hub: #1062.