# AI Triage

`xygeni util ai-triage` runs AI-driven triage against an existing Xygeni issues report and uploads the triage results to the Xygeni platform. It applies the same AI Triage engine used by the UI and by the `--triage` scan flag, but operates on a report that has already been generated.

For an overview of what AI Triage produces (verdict, remediation urgency, remediation complexity), see [AI Triage](/xygeni-administration/platform-administration/projects-management/ai-triage.md).

The command auto-detects the issue kind from the report and supports:

* **SAST** (`code_vulnerability`)
* **IaC** (`iac_flaw`)
* **Secrets** (`secret`)
* **SCA** (`sca_vulnerability`) — accepted on a `deps` report produced with `--include-vulnerabilities`, on a dedicated `sca` report, or on the SCA portion of a combined `scan` report. The command rejects inputs that carry no SCA vulnerabilities.
* **DAST** (`dast_finding`)

Malware reports are not accepted by `util ai-triage` — Malware triage runs at scan time only. See [AI Triage for Malware](/xygeni-administration/platform-administration/projects-management/ai-triage.md#ai-triage-for-malware).

## Synopsis

```
xygeni util ai-triage -d <directory> --report <reportPath>
                      [-i <includePatterns>] [-e <excludePatterns>]
                      [--detectors <detectors>] [--skip-detectors <skipDetectors>]
                      [--issues <issueHashes>] [--skip-issues <issueHashes>]
                      [--name <name>] [--sourceType <sourceType>]
                      [--bot-config <xygeniBotConfigPath>]
```

## Options

### Input files

| Option                              | Description                                                                                                                  |
| ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| `-d`, `--dir <directory>`           | The source code directory to analyze. **Required.** Triage uses the source code in this directory as context for the AI.     |
| `-i`, `--include <includePatterns>` | Comma-separated glob patterns of files to include. Use `*` as file wildcard and `**` for any file or directory at any depth. |
| `-e`, `--exclude <excludePatterns>` | Comma-separated glob patterns of files to exclude. Example: `-e '**/test/**,**/build/*.o'`.                                  |

### Issue selection

| Option                             | Description                                                                                                                                                                                                                                                      |
| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--detectors <detectors>`          | Comma-separated list of detector IDs to triage, a severity (`critical`, `high`, `medium`, `low`, `info`), or `all`. When a severity is provided, that severity and all higher ones are included (for example, `--detectors=high` triages `high` and `critical`). |
| `--skip-detectors <skipDetectors>` | Comma-separated list of detector IDs to ignore, or a severity. Inverse of `--detectors`.                                                                                                                                                                         |
| `--issues <issueHashes>`           | Comma-separated list of specific issue hashes to triage. When provided, only those issues are triaged.                                                                                                                                                           |
| `--skip-issues <issueHashes>`      | Comma-separated list of issue hashes to skip.                                                                                                                                                                                                                    |

### Triage parameters

| Option                               | Description                                                                                                                                                                                                                                       |
| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--report <reportPath>`              | Path to the Xygeni issues report to triage. **Required.** The report format determines the issue kind (SAST, IaC, Secrets, SCA, or DAST) automatically.                                                                                           |
| `--name <name>`                      | Project name to associate with the triage report. When omitted, the project name is read from the report metadata.                                                                                                                                |
| `--sourceType <sourceType>`          | Source type of the project under triage. Defaults to `REPO`.                                                                                                                                                                                      |
| `--bot-config <xygeniBotConfigPath>` | Path to a `xygenibot.yml` file. Used to configure a custom AI provider for the triage. When omitted, the command looks for a `xygenibot.yml` in the source code directory; if none is found, the AI provider configured for your account is used. |

## Examples

Triage all issues in a Xygeni report against the source code in `<dir>`:

```bash
xygeni util ai-triage -d <dir> --report <xygeni_report_path>
```

Triage only the issues reported by a specific detector:

```bash
xygeni util ai-triage -d <dir> --report <xygeni_report_path> --detectors=java.sql_injection
```

Triage only issues at `critical` severity (and any higher severity, if defined):

```bash
xygeni util ai-triage -d <dir> --report <xygeni_report_path> --detectors=critical
```

Triage a specific set of issues by hash:

```bash
xygeni util ai-triage -d <dir> --report <xygeni_report_path> \
    --issues=Ilcmv7Q9WTCVjmO3zHjyGg,Ilcmv7Q9WTCVjmO3zHjyAA
```

Use a custom AI provider via a `xygenibot.yml` configuration file:

```bash
xygeni util ai-triage -d <dir> --report <xygeni_report_path> \
    --bot-config=<path_to_xygenibot.yml>
```

## Custom AI providers

The supported AI providers are:

* **Xygeni** (default)
* **Anthropic**
* **Google Gemini**
* **Groq**
* **OpenAI**
* **OpenRouter**

AI agent settings can be declared in either `xygenibot.yml` (`sast.ai-agents` and `sast.ai-remediation-agent`) or in `xygeni.yml` (top-level `ai-agents` and `ai-agent`). `xygenibot.yml` is consulted first; `xygeni.yml` is used as a fallback for any field not declared in `xygenibot.yml`. The `--bot-config` flag points the command at a specific `xygenibot.yml` location.

See [AI Agents Configuration](/xygeni-products/scan-management/ai-agents-configuration.md) for the full schema and precedence rules.
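The lookup order above decides which provider receives the source code used as triage context, so a pipeline may want that choice to be explicit. The following is an added example, not part of the Xygeni CLI or its documentation: a shell wrapper that reports which configuration source the documented order selects and stops when a `xygenibot.yml` inside the checkout would be picked up implicitly. The function names, output labels and the `ALLOW_REPO_BOT_CONFIG` variable are assumptions made for this example, and the field-level fallback to `xygeni.yml` is not modelled.

```bash
# Added example: mirrors the lookup order documented for --bot-config.
# Function names, labels and ALLOW_REPO_BOT_CONFIG are hypothetical.

# resolve_bot_config <source_dir> [explicit_bot_config]
# Prints which source would configure the AI provider:
#   explicit:<path>  file passed with --bot-config
#   repo:<path>      xygenibot.yml found in the source directory
#   account          neither; the provider configured for the account
# Returns 2 when an explicit path is not a readable file.
resolve_bot_config() {
    local dir="$1" explicit="${2:-}"
    if [ -n "$explicit" ]; then
        if [ -f "$explicit" ] && [ -r "$explicit" ]; then
            printf 'explicit:%s\n' "$explicit"
            return 0
        fi
        printf 'error: %s is not a readable file\n' "$explicit" >&2
        return 2
    fi
    if [ -f "$dir/xygenibot.yml" ]; then
        printf 'repo:%s\n' "$dir/xygenibot.yml"
    else
        printf 'account\n'
    fi
}

# run_triage <source_dir> <report> [explicit_bot_config]
# Stops (exit status 3) when a xygenibot.yml inside the checkout would be
# picked up implicitly, unless ALLOW_REPO_BOT_CONFIG=1 is set.
run_triage() {
    local dir="$1" report="$2" explicit="${3:-}" origin
    origin="$(resolve_bot_config "$dir" "$explicit")" || return $?
    echo "AI provider config source: $origin" >&2
    case "$origin" in
        repo:*)
            if [ "${ALLOW_REPO_BOT_CONFIG:-0}" != "1" ]; then
                echo "refusing: pass --bot-config explicitly or set ALLOW_REPO_BOT_CONFIG=1" >&2
                return 3
            fi ;;
    esac
    if [ -n "$explicit" ]; then
        xygeni util ai-triage -d "$dir" --report "$report" --bot-config="$explicit"
    else
        xygeni util ai-triage -d "$dir" --report "$report"
    fi
}
```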

## Related

* [AI Triage](/xygeni-administration/platform-administration/projects-management/ai-triage.md) — feature overview, UI flows, tags, and funnel integration.
* [Single scan](/xygeni-scanner-cli/xygeni-cli-overview/xygeni-cli-operation-modes/single-scan.md#ai-triage-during-a-scan) — running triage as part of a scan with `--triage`.

