Cortivex Cross-Repository Intelligence

You have access to a cross-repository intelligence system that transfers proven insights between repositories. While cortivex-learn records insights scoped to a single repo, this system promotes high-confidence insights to a global registry, matches them to new repositories by technology fingerprint, and applies them as suggestions -- never as overrides.

Overview

The problem: teams running Cortivex across multiple repositories rediscover the same optimizations independently. A team using Express.js learns that middleware-chain security scanning reduces false positives by 40%. Another Express.js team learns the same thing three weeks later. Cross-repo intelligence eliminates this redundancy by maintaining a global pattern library where anonymized, high-confidence insights are shared across repositories with similar technology profiles.

The system has three layers:

1. Local insights (from cortivex-learn) -- scoped to a single repository. Always authoritative.
2. Global insights (from cross-repo) -- promoted from local insights after anonymization. Treated as suggestions.
3. Pattern library -- curated, community-validated patterns tied to specific technology stacks.

Local always wins. If a global insight contradicts a local insight, the local insight takes precedence without exception.

When to Use

• When onboarding a new repository into Cortivex and you want to bootstrap with relevant insights from similar projects
• When a local insight has been validated across enough runs (10+) that it likely generalizes to other repos with the same tech stack
• When you want to check whether a known optimization pattern exists for your repo's technology profile before running an expensive pipeline
• When sharing anonymized learnings with other teams or the broader community
• When analyzing a monorepo with multiple sub-projects that share technology stacks

When NOT to Use

• For insights that are inherently repo-specific (e.g., "file X has unusual import structure"). These should remain local.
• When the insight depends on proprietary code structure, internal APIs, or business logic that does not generalize.
• When the user has not opted in to sharing. Cross-repo sharing is strictly opt-in.
• For repositories with fewer than 5 pipeline runs. There is not enough local signal to promote.
• When privacy controls have not been verified. Never promote an insight before running privacy_check.

How It Works

Technology Fingerprinting

When a repository is first analyzed, the system generates a technology fingerprint by inspecting:

• Package manifests: package.json, requirements.txt, go.mod, Cargo.toml, pom.xml, Gemfile
• Framework markers: directory structures (src/pages/ for Next.js, app/controllers/ for Rails), config files (.eslintrc, tsconfig.json, django-settings.py)
• Build tools: webpack.config.js, vite.config.ts, Makefile, Dockerfile
• Testing frameworks: jest.config.js, pytest.ini, .mocharc.yml, vitest.config.ts
• CI/CD: .github/workflows/, .gitlab-ci.yml, Jenkinsfile

The fingerprint is a structured profile, not a hash of file contents. No source code is read or stored -- only the presence and type of configuration files.

cortivex_crossrepo({
  action: "fingerprint",
  repo: "/path/to/repo"
})

Response:

{
  "fingerprint": {
    "id": "fp-8a3b2c",
    "primary_language": "typescript",
    "frameworks": ["express", "react"],
    "build_tools": ["webpack", "babel"],
    "test_frameworks": ["jest"],
    "ci_cd": ["github-actions"],
    "package_manager": "npm",
    "monorepo": false,
    "markers": {
      "has_typescript": true,
      "has_orm": true,
      "orm_type": "prisma",
      "has_docker": true,
      "has_linter": true,
      "linter_type": "eslint"
    },
    "confidence": 0.94
  }
}

Similarity Matching

Given a fingerprint, the system finds repositories in the global registry with similar technology profiles and retrieves their applicable insights:

cortivex_crossrepo({
  action: "match",
  fingerprint_id: "fp-8a3b2c",
  min_similarity: 0.70,
  max_results: 10
})

Response:

{
  "matches": [
    {
      "registry_id": "reg-4d5e6f",
      "similarity": 0.92,
      "shared_traits": ["express", "typescript", "prisma", "jest", "github-actions"],
      "differing_traits": ["react vs vue"],
      "applicable_insights": 7,
      "top_insights": [
        {
          "id": "gi-1a2b",
          "type": "reorder",
          "description": "Express.js repos benefit from running SecurityScanner after CodeReviewer because middleware-chain analysis on reviewed code eliminates 40% of false positives",
          "global_confidence": 0.88,
          "observed_in_repos": 23,
          "tech_scope": ["express", "typescript"]
        },
        {
          "id": "gi-3c4d",
          "type": "adjust_config",
          "description": "Prisma-based repos should set scan_depth to deep for SecurityScanner because ORM-generated queries need schema-aware analysis",
          "global_confidence": 0.82,
          "observed_in_repos": 15,
          "tech_scope": ["prisma"]
        }
      ]
    },
    {
      "registry_id": "reg-7g8h9i",
      "similarity": 0.78,
      "shared_traits": ["express", "typescript", "jest"],
      "differing_traits": ["prisma vs sequelize", "webpack vs vite"],
      "applicable_insights": 4
    }
  ]
}

Insight Promotion

Promoting a local insight to the global registry is an explicit, user-initiated action. The system anonymizes the insight before publishing:

cortivex_crossrepo({
  action: "promote",
  insight_id: "ins-7a3b",
  repo: "/path/to/repo"
})

The promotion pipeline:

1. Eligibility check -- Insight must have confidence >= 0.80 and sample_size >= 10.
2. Privacy filter -- Strips file paths, repo names, branch names, author names, code snippets. Retains only structural patterns and technology tags.
3. Generalization -- Converts repo-specific language to tech-stack-scoped language. "In repo X, running CodeReviewer before SecurityScanner..." becomes "In Express.js/TypeScript repos, running CodeReviewer before SecurityScanner..."
4. Deduplication -- Checks if a semantically equivalent insight already exists in the global registry. If so, increases the existing insight's observation count instead of creating a duplicate.
5. Publication -- Adds the anonymized insight to the global registry with the repo's technology fingerprint as scope.

Response:

{
  "status": "promoted",
  "global_insight_id": "gi-1a2b",
  "anonymization_report": {
    "fields_stripped": ["repo_path", "branch_name", "file_paths"],
    "fields_generalized": ["description", "scope"],
    "privacy_score": 1.0
  },
  "deduplicated": false,
  "tech_scope": ["express", "typescript"]
}

Importing Global Insights

When starting work on a new or existing repository, import applicable global insights as local suggestions:

cortivex_crossrepo({
  action: "import",
  repo: "/path/to/repo",
  fingerprint_id: "fp-8a3b2c",
  min_global_confidence: 0.75,
  max_imports: 20
})

Response:

{
  "imported": 5,
  "insights": [
    {
      "local_id": "ins-imported-1",
      "global_id": "gi-1a2b",
      "type": "reorder",
      "description": "Express.js repos benefit from running SecurityScanner after CodeReviewer because middleware-chain analysis on reviewed code eliminates 40% of false positives",
      "global_confidence": 0.88,
      "local_confidence": null,
      "status": "suggestion",
      "source": "global_registry",
      "observed_in_repos": 23
    }
  ],
  "skipped": [
    {
      "global_id": "gi-9x0y",
      "reason": "conflicts_with_local",
      "local_insight_id": "ins-4e5f",
      "explanation": "Local insight contradicts this global insight. Local takes precedence."
    }
  ]
}

Imported insights start