CodeQual

Evolution Advisory

Project: aws/aws-cdk

Period: Sep 11, 2018 at 11:35 AM to Mar 13, 2026 at 01:32 PM

Advisory ID: 9f08afd2e3f419c0

Generated: Mar 14, 2026 at 02:23 PM

Executive Summary

7
Significant Changes
4
Areas Affected
28
Patterns Matched
0
New Observations

Affected areas: ⚙️ CI / Build 📦 Dependencies 🚀 Deployment 📝 Version Control

Based on 20 prior commits

What EE Can See

6 connected, 1 available

⚙️
CI / Build
via GitHub Actions
Active
📦
Dependencies
via npm
Active
📝
Version Control
via Git
Active
🚀
Deployment
via GitHub Releases
Active
🔒
Security
via GitHub Security
Platform Mismatch
GITLAB_TOKEN is set but remote points to github. Setup guide →
🧪
Testing
via Jest
Connected
Token set. This data is analyzed automatically when running via GitHub Action or GitLab CI. Setup guide →
Codecov
Not Connected
Detected: codecov.yml found. Install evo-adapter-codecov or check docs/guides/INTEGRATIONS.md for setup.

Key Findings

What Changed in Your Codebase

We've detected 7 changes that differ from your project's normal patterns. Each change shows what typically happens versus what we observed this time.

0 of 7 resolved
📝
Files Changed
Version Control
What this means: More files changed than usual in this commit.
Typical:
2.00
This Time:
21,446
14464.0x above typical range
Trigger: bdc49526 Merge remote-tracking branch 'origin/main' into merge-back/2
↘ Returned to baseline
Supporting Evidence
⚠️ Action Required

when CI builds and code changes happen together, file count and build time tend to move together.

What this means: Commits are touching more files than usual, increasing review burden and risk of regressions. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
Recommendation: Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.
⚠️ Action Required

when deployments and code changes happen together, file count and release frequency tend to move together.

What this means: Commits are touching more files than usual, increasing review burden and risk of regressions. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
Recommendation: Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.
👁️ Worth Monitoring

when code changes occur, file count tends to increase.

What this means: Commits are touching more files than usual, increasing review burden and risk of regressions.
Recommendation: Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.
Drift Investigation Prompt 
Development pattern shift detected in Version Control.\n\nSIGNAL: Files Changed is 14464.0x above the typical baseline (observed: 21,446, typical: 2.00).\nTRIGGER COMMIT: bdc49526 — Merge remote-tracking branch 'origin/main' into merge-back/2.72.1\n\nFILES CHANGED IN TRIGGER (21446):\n  - CONTRIBUTING.md\n  - buildspec-pr.yaml\n  - buildspec-remodel.yaml\n  - buildspec.yaml\n  - packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts\n  - packages/@aws-cdk-testing/framework-integ/.eslintrc.js\n  - packages/@aws-cdk-testing/framework-integ/.gitignore\n  - packages/@aws-cdk-testing/framework-integ/.npmignore\n  - packages/@aws-cdk-testing/framework-integ/LICENSE\n  - packages/@aws-cdk-testing/framework-integ/NOTICE\n  - packages/@aws-cdk-testing/framework-integ/package.json\n  - packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.cognito-authorizer.d.ts\n  - packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.cognito-authorizer.js\n  - packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.cognito-authorizer.js.snapshot/CognitoUserPoolsAuthorizerInteg.assets.json\n  - packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.cognito-authorizer.js.snapshot/CognitoUserPoolsAuthorizerInteg.template.json\n  ... and 21431 more\n\nRECENT COMMITS (20 total, showing top 5):\n  b2c30430 — chore(release): 1.40.0

see CHANGELOG (167 files)\n  dadc9d12 — chore: integ test flakiness (#8124)

Stacks that are being d (1 files)\n  27164608 — chore(release): 1.41.0
 (2 files)\n  9e071d2e — chore(release): 1.41.0 (#8125)

see CHANGELOG (85 files)\n  0028778c — chore(cloudtrail): better typed event selector apis (#8097)
 (7 files)\n  ... and 15 more commits\n\nCORRELATED PATTERNS:\n  [CRITICAL] when CI builds and code changes happen together, file count and build time tend to move together.\n    → Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.\n  [CRITICAL] when deployments and code changes happen together, file count and release frequency tend to move together.\n    → Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.\n  [WATCH] when code changes occur, file count tends to increase.\n    → Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.\n\nINVESTIGATE:\n1. Was this change intentional or did the AI drift from goals?\n2. Review commit bdc49526 — what specifically caused the deviation?\n3. Suggest a course correction (not a bug fix — a realignment).\n\nAFTER FIX:\nRun `evo analyze . --verify` to re-analyze and compare against this run.\nIf the change was intentional, no fix needed — accept it in the report.
Use with: Cursor — paste in chat Claude Code — paste in terminal Copilot — paste in chat panel
After investigation:
  1. AI suggests fixes → apply the changes to your code
  2. Run evo analyze . --verify to re-analyze and compare against this run
  3. If the change was intentional, click Accept above to dismiss it
Show technical details

The files touched for this change was 21,446. Historically, similar changes had a value of 2.00 ± 1.00.

📝
Change Locality
Version Control
What this means: The changed files don't usually change together, suggesting a cross-cutting modification.
Typical:
0.9993
This Time:
0.0000
998.9x below typical range
Trigger: 9eedaa09 chore: note about code snippets that uses consumers (#17645)
↘ Returned to baseline
Supporting Evidence
⚠️ Action Required

when CI builds and code changes happen together, change focus and build time tend to move together.

What this means: Changes span files that don't normally change together, suggesting cross-cutting concerns that may be harder to test. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
Recommendation: Review whether these cross-cutting changes have adequate test coverage.
Drift Investigation Prompt 
Development pattern shift detected in Version Control.\n\nSIGNAL: Change Locality is 998.9x below the typical baseline (observed: 0.0000, typical: 0.9993).\nTRIGGER COMMIT: 9eedaa09 — chore: note about code snippets that uses consumers (#17645)\n\nFILES CHANGED IN TRIGGER (1):\n  - CONTRIBUTING.md\n\nRECENT COMMITS (20 total, showing top 5):\n  b2c30430 — chore(release): 1.40.0

see CHANGELOG (167 files)\n  dadc9d12 — chore: integ test flakiness (#8124)

Stacks that are being d (1 files)\n  27164608 — chore(release): 1.41.0
 (2 files)\n  9e071d2e — chore(release): 1.41.0 (#8125)

see CHANGELOG (85 files)\n  0028778c — chore(cloudtrail): better typed event selector apis (#8097)
 (7 files)\n  ... and 15 more commits\n\nCORRELATED PATTERNS:\n  [CRITICAL] when CI builds and code changes happen together, change focus and build time tend to move together.\n    → Profile the build pipeline to identify bottlenecks. Check for newly added expensive tests or build steps.\n    → Review whether these cross-cutting changes have adequate test coverage.\n\nINVESTIGATE:\n1. Was this change intentional or did the AI drift from goals?\n2. Review commit 9eedaa09 — what specifically caused the deviation?\n3. Suggest a course correction (not a bug fix — a realignment).\n\nAFTER FIX:\nRun `evo analyze . --verify` to re-analyze and compare against this run.\nIf the change was intentional, no fix needed — accept it in the report.
Use with: Cursor — paste in chat Claude Code — paste in terminal Copilot — paste in chat panel
After investigation:
  1. AI suggests fixes → apply the changes to your code
  2. Run evo analyze . --verify to re-analyze and compare against this run
  3. If the change was intentional, click Accept above to dismiss it
Show technical details

The change locality for this change was 0.0000. Historically, similar changes had a value of 0.9993 ± 0.0007.

📝
Co-change Novelty
Version Control
What this means: Unusually low novelty — changes are more repetitive than normal, touching only well-known file combinations.
Typical:
1.00
This Time:
0.0000
587.2x below typical range
Trigger: 2e797b5a Revert "fix(certificatemanager): unable to set removal polic
↘ Returned to baseline
Supporting Evidence
⚠️ Action Required

when CI builds and code changes happen together, novelty of file pairings and build time tend to move together.

What this means: File co-change novelty is unusually low. While familiar patterns reduce risk, this could indicate repetitive or mechanical changes rather than normal development. Escalated from Needs Attention — multiple correlated patterns converge on the same signal families.
Recommendation: Review whether recent commits are routine maintenance or a sign of narrow, repetitive modifications that lack expected variety.
ℹ️ Informational

when deployments and code changes happen together, novelty of file pairings tends to move in opposite directions.

What this means: File co-change novelty is unusually low. While familiar patterns reduce risk, this could indicate repetitive or mechanical changes rather than normal development.
Recommendation: Review whether recent commits are routine maintenance or a sign of narrow, repetitive modifications that lack expected variety.
ℹ️ Informational

when dependency changes and code changes happen together, novelty of file pairings tends to move in opposite directions.

What this means: File co-change novelty is unusually low. While familiar patterns reduce risk, this could indicate repetitive or mechanical changes rather than normal development.
Recommendation: Review whether recent commits are routine maintenance or a sign of narrow, repetitive modifications that lack expected variety.
Drift Investigation Prompt 
Development pattern shift detected in Version Control.\n\nSIGNAL: Co-change Novelty is 587.2x below the typical baseline (observed: 0.0000, typical: 1.00).\nTRIGGER COMMIT: 2e797b5a — Revert "fix(certificatemanager): unable to set removal policy on DnsValidatedCertificate (#22040)" (#22056)\n\nFILES CHANGED IN TRIGGER (4):\n  - packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js\n  - packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js\n  - packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts\n  - packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts\n\nRECENT COMMITS (20 total, showing top 5):\n  b2c30430 — chore(release): 1.40.0

see CHANGELOG (167 files)\n  dadc9d12 — chore: integ test flakiness (#8124)

Stacks that are being d (1 files)\n  27164608 — chore(release): 1.41.0
 (2 files)\n  9e071d2e — chore(release): 1.41.0 (#8125)

see CHANGELOG (85 files)\n  0028778c — chore(cloudtrail): better typed event selector apis (#8097)
 (7 files)\n  ... and 15 more commits\n\nCORRELATED PATTERNS:\n  [CRITICAL] when CI builds and code changes happen together, novelty of file pairings and build time tend to move together.\n    → Investigate which files are being combined unexpectedly. Prioritize testing these changes.\n  [INFO] when deployments and code changes happen together, novelty of file pairings tends to move in opposite directions.\n    → Review whether recent commits are routine maintenance or a sign of narrow, repetitive modifications that lack expected variety.\n  [INFO] when dependency changes and code changes happen together, novelty of file pairings tends to move in opposite directions.\n    → Review whether recent commits are routine maintenance or a sign of narrow, repetitive modifications that lack expected variety.\n\nINVESTIGATE:\n1. Was this change intentional or did the AI drift from goals?\n2. Review commit 2e797b5a — what specifically caused the deviation?\n3. Suggest a course correction (not a bug fix — a realignment).\n\nAFTER FIX:\nRun `evo analyze . --verify` to re-analyze and compare against this run.\nIf the change was intentional, no fix needed — accept it in the report.
Use with: Cursor — paste in chat Claude Code — paste in terminal Copilot — paste in chat panel
After investigation:
  1. AI suggests fixes → apply the changes to your code
  2. Run evo analyze . --verify to re-analyze and compare against this run
  3. If the change was intentional, click Accept above to dismiss it
📦
Total Dependencies
Dependencies
What this means: Dependency count decreased.
Typical:
2,120.0
This Time:
1,802
429.3x below typical range
Trigger: 8b87a637
↘ Returned to baseline
Supporting Evidence
ℹ️ Informational

when dependency changes and deployments happen together, dependency count and release frequency tend to move together.

What this means: Releases are happening more frequently. Faster releases reduce batch size risk but may skip review steps.
Recommendation: Verify that quality gates (testing, review) are still being applied to faster releases.
ℹ️ Informational

when CI builds and dependency changes happen together, dependency count and build time tend to move in opposite directions.

What this means: Builds are running faster than usual. Verify this isn't due to skipped tests or simplified steps.
Recommendation: Confirm test coverage hasn't decreased alongside faster builds.
Drift Investigation Prompt 
Development pattern shift detected in Dependencies.\n\nSIGNAL: Total Dependencies is 429.3x below the typical baseline (observed: 1,802, typical: 2,120.0).\nTRIGGER COMMIT: 8b87a637 — \n\nRECENT COMMITS (20 total, showing top 5):\n  b2c30430 — chore(release): 1.40.0

see CHANGELOG (167 files)\n  dadc9d12 — chore: integ test flakiness (#8124)

Stacks that are being d (1 files)\n  27164608 — chore(release): 1.41.0
 (2 files)\n  9e071d2e — chore(release): 1.41.0 (#8125)

see CHANGELOG (85 files)\n  0028778c — chore(cloudtrail): better typed event selector apis (#8097)
 (7 files)\n  ... and 15 more commits\n\nCORRELATED PATTERNS:\n  [WATCH] when dependency changes and deployments happen together, dependency count and release frequency tend to move together.\n    → Audit new dependencies for necessity, maintenance status, and known vulnerabilities.\n  [INFO] when CI builds and dependency changes happen together, dependency count and build time tend to move in opposite directions.\n    → Confirm test coverage hasn't decreased alongside faster builds.\n\nINVESTIGATE:\n1. Was this change intentional or did the AI drift from goals?\n2. Review commit 8b87a637 — what specifically caused the deviation?\n3. Suggest a course correction (not a bug fix — a realignment).\n\nAFTER FIX:\nRun `evo analyze . --verify` to re-analyze and compare against this run.\nIf the change was intentional, no fix needed — accept it in the report.
Use with: Cursor — paste in chat Claude Code — paste in terminal Copilot — paste in chat panel
After investigation:
  1. AI suggests fixes → apply the changes to your code
  2. Run evo analyze . --verify to re-analyze and compare against this run
  3. If the change was intentional, click Accept above to dismiss it
📝
Change Dispersion
Version Control
What this means: Changes spread across unrelated areas of the codebase.
Typical:
0.0000
This Time:
1.36
427.1x above typical range
Trigger: 5c88ef32 chore: npm-check-updates && yarn upgrade (#19788)
↘ Returned to baseline
Supporting Evidence
⚠️ Action Required

when deployments and code changes happen together, code spread and release frequency tend to move together.

What this means: Changes are spreading across unrelated parts of the codebase. This makes reviews harder and increases the chance of unexpected side effects. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
Recommendation: Review recent PRs for scope creep. Consider breaking large changes into focused commits.
👁️ Worth Monitoring

when dependency changes and code changes happen together, code spread tends to move together.

What this means: Changes are spreading across unrelated parts of the codebase. This makes reviews harder and increases the chance of unexpected side effects.
Recommendation: Review recent PRs for scope creep. Consider breaking large changes into focused commits.
Drift Investigation Prompt 
Development pattern shift detected in Version Control.\n\nSIGNAL: Change Dispersion is 427.1x above the typical baseline (observed: 1.36, typical: 0.0000).\nTRIGGER COMMIT: 5c88ef32 — chore: npm-check-updates && yarn upgrade (#19788)\n\nFILES CHANGED IN TRIGGER (36):\n  - .github/workflows/yarn-upgrade.yml\n  - package.json\n  - packages/@aws-cdk/app-delivery/package.json\n  - packages/@aws-cdk/aws-applicationautoscaling/package.json\n  - packages/@aws-cdk/aws-autoscaling-common/package.json\n  - packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json\n  - packages/@aws-cdk/aws-dynamodb-global/lambda-packages/aws-global-table-coordinator/package.json\n  - packages/@aws-cdk/aws-eks/package.json\n  - packages/@aws-cdk/aws-lambda-nodejs/package.json\n  - packages/@aws-cdk/cloud-assembly-schema/NOTICE\n  - packages/@aws-cdk/cloud-assembly-schema/package.json\n  - packages/@aws-cdk/cloudformation-diff/package.json\n  - packages/@aws-cdk/core/package.json\n  - packages/@aws-cdk/cx-api/NOTICE\n  - packages/@aws-cdk/cx-api/package.json\n  ... and 21 more\n\nRECENT COMMITS (20 total, showing top 5):\n  b2c30430 — chore(release): 1.40.0

see CHANGELOG (167 files)\n  dadc9d12 — chore: integ test flakiness (#8124)

Stacks that are being d (1 files)\n  27164608 — chore(release): 1.41.0
 (2 files)\n  9e071d2e — chore(release): 1.41.0 (#8125)

see CHANGELOG (85 files)\n  0028778c — chore(cloudtrail): better typed event selector apis (#8097)
 (7 files)\n  ... and 15 more commits\n\nCORRELATED PATTERNS:\n  [CRITICAL] when deployments and code changes happen together, code spread and release frequency tend to move together.\n    → Review recent PRs for scope creep. Consider breaking large changes into focused commits.\n  [WATCH] when dependency changes and code changes happen together, code spread tends to move together.\n    → Review recent PRs for scope creep. Consider breaking large changes into focused commits.\n\nINVESTIGATE:\n1. Was this change intentional or did the AI drift from goals?\n2. Review commit 5c88ef32 — what specifically caused the deviation?\n3. Suggest a course correction (not a bug fix — a realignment).\n\nAFTER FIX:\nRun `evo analyze . --verify` to re-analyze and compare against this run.\nIf the change was intentional, no fix needed — accept it in the report.
Use with: Cursor — paste in chat Claude Code — paste in terminal Copilot — paste in chat panel
After investigation:
  1. AI suggests fixes → apply the changes to your code
  2. Run evo analyze . --verify to re-analyze and compare against this run
  3. If the change was intentional, click Accept above to dismiss it
⚙️
Build Duration
CI / Build
What this means: Build took longer than usual.
Typical:
26.00
This Time:
4,243.0
111.5x above typical range
Trigger: 9144844f
↘ Returned to baseline
Supporting Evidence
⚠️ Action Required

when CI builds and code changes happen together, change focus and build time tend to move together.

What this means: Builds are taking longer. Slower CI feedback loops reduce developer productivity and delay catching issues. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families. Changes span files that don't normally change together, suggesting cross-cutting concerns that may be harder to test. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
Recommendation: Profile the build pipeline to identify bottlenecks. Check for newly added expensive tests or build steps. Review whether these cross-cutting changes have adequate test coverage.
⚠️ Action Required

when CI builds and code changes happen together, file count and build time tend to move together.

What this means: Commits are touching more files than usual, increasing review burden and risk of regressions. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
Recommendation: Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.
⚠️ Action Required

when CI builds and code changes happen together, novelty of file pairings and build time tend to move together.

What this means: Files that don't normally change together are being modified in the same commits. This indicates novel, untested interactions that may introduce bugs. Escalated from Needs Attention — multiple correlated patterns converge on the same signal families.
Recommendation: Investigate which files are being combined unexpectedly. Prioritize testing these changes.
Show 1 more supporting evidence
👁️ Worth Monitoring

when CI builds and dependency changes happen together, dependency count and build time tend to move in opposite directions.

What this means: The dependency count is growing, expanding the supply-chain attack surface and potential for version conflicts.
Recommendation: Audit new dependencies for necessity, maintenance status, and known vulnerabilities.
Drift Investigation Prompt 
Development pattern shift detected in CI / Build.\n\nSIGNAL: Build Duration is 111.5x above the typical baseline (observed: 4,243.0, typical: 26.00).\nTRIGGER COMMIT: 9144844f — \n\nRECENT COMMITS (20 total, showing top 5):\n  b2c30430 — chore(release): 1.40.0

see CHANGELOG (167 files)\n  dadc9d12 — chore: integ test flakiness (#8124)

Stacks that are being d (1 files)\n  27164608 — chore(release): 1.41.0
 (2 files)\n  9e071d2e — chore(release): 1.41.0 (#8125)

see CHANGELOG (85 files)\n  0028778c — chore(cloudtrail): better typed event selector apis (#8097)
 (7 files)\n  ... and 15 more commits\n\nCORRELATED PATTERNS:\n  [CRITICAL] when CI builds and code changes happen together, change focus and build time tend to move together.\n    → Profile the build pipeline to identify bottlenecks. Check for newly added expensive tests or build steps.\n    → Review whether these cross-cutting changes have adequate test coverage.\n  [CRITICAL] when CI builds and code changes happen together, file count and build time tend to move together.\n    → Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.\n  [CRITICAL] when CI builds and code changes happen together, novelty of file pairings and build time tend to move together.\n    → Investigate which files are being combined unexpectedly. Prioritize testing these changes.\n  [INFO] when CI builds and dependency changes happen together, dependency count and build time tend to move in opposite directions.\n    → Confirm test coverage hasn't decreased alongside faster builds.\n\nINVESTIGATE:\n1. Was this change intentional or did the AI drift from goals?\n2. Review commit 9144844f — what specifically caused the deviation?\n3. Suggest a course correction (not a bug fix — a realignment).\n\nAFTER FIX:\nRun `evo analyze . --verify` to re-analyze and compare against this run.\nIf the change was intentional, no fix needed — accept it in the report.
Use with: Cursor — paste in chat Claude Code — paste in terminal Copilot — paste in chat panel
After investigation:
  1. AI suggests fixes → apply the changes to your code
  2. Run evo analyze . --verify to re-analyze and compare against this run
  3. If the change was intentional, click Accept above to dismiss it
Show technical details

The run duration for this change was 4,243.0. Historically, similar changes had a value of 26.00 ± 25.50.

🚀
Release Cadence
Deployment
What this means: Longer time between releases than usual.
Typical:
21.36
This Time:
395.3
12.6x above typical range
Trigger: a87259fa
↘ Returned to baseline
Supporting Evidence
⚠️ Action Required

when deployments and code changes happen together, code spread and release frequency tend to move together.

What this means: Changes are spreading across unrelated parts of the codebase. This makes reviews harder and increases the chance of unexpected side effects. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
Recommendation: Review recent PRs for scope creep. Consider breaking large changes into focused commits.
⚠️ Action Required

when deployments and code changes happen together, file count and release frequency tend to move together.

What this means: Commits are touching more files than usual, increasing review burden and risk of regressions. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
Recommendation: Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.
👁️ Worth Monitoring

when dependency changes and deployments happen together, dependency count and release frequency tend to move together.

What this means: The dependency count is growing, expanding the supply-chain attack surface and potential for version conflicts.
Recommendation: Audit new dependencies for necessity, maintenance status, and known vulnerabilities.
Drift Investigation Prompt 
Development pattern shift detected in Deployment.\n\nSIGNAL: Release Cadence is 12.6x above the typical baseline (observed: 395.3, typical: 21.36).\nTRIGGER COMMIT: a87259fa — \n\nRECENT COMMITS (20 total, showing top 5):\n  b2c30430 — chore(release): 1.40.0

see CHANGELOG (167 files)\n  dadc9d12 — chore: integ test flakiness (#8124)

Stacks that are being d (1 files)\n  27164608 — chore(release): 1.41.0
 (2 files)\n  9e071d2e — chore(release): 1.41.0 (#8125)

see CHANGELOG (85 files)\n  0028778c — chore(cloudtrail): better typed event selector apis (#8097)
 (7 files)\n  ... and 15 more commits\n\nCORRELATED PATTERNS:\n  [CRITICAL] when deployments and code changes happen together, code spread and release frequency tend to move together.\n    → Review recent PRs for scope creep. Consider breaking large changes into focused commits.\n  [CRITICAL] when deployments and code changes happen together, file count and release frequency tend to move together.\n    → Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.\n  [WATCH] when dependency changes and deployments happen together, dependency count and release frequency tend to move together.\n    → Audit new dependencies for necessity, maintenance status, and known vulnerabilities.\n\nINVESTIGATE:\n1. Was this change intentional or did the AI drift from goals?\n2. Review commit a87259fa — what specifically caused the deviation?\n3. Suggest a course correction (not a bug fix — a realignment).\n\nAFTER FIX:\nRun `evo analyze . --verify` to re-analyze and compare against this run.\nIf the change was intentional, no fix needed — accept it in the report.
Use with: Cursor — paste in chat Claude Code — paste in terminal Copilot — paste in chat panel
After investigation:
  1. AI suggests fixes → apply the changes to your code
  2. Run evo analyze . --verify to re-analyze and compare against this run
  3. If the change was intentional, click Accept above to dismiss it
Show technical details

The release cadence hours for this change was 395.3. Historically, similar changes had a value of 21.36 ± 19.98.

Next Steps

1
Investigate

Copy the prompt below and paste it into your AI assistant (Claude Code, Cursor, Copilot, ChatGPT). It will identify root causes and suggest fixes.

2
Fix

Apply the suggested changes. If a deviation was intentional, click Accept on its card above instead.

3
Verify

Run evo analyze . --verify to re-analyze and compare. A verification banner will show which deviations resolved, improved, or persist.

Investigation Prompt

Development drift analysis for aws/aws-cdk (Sep 11, 2018 at 11:35 AM to Mar 13, 2026 at 01:32 PM). DEVIATIONS FROM BASELINE: - Version Control: Files Changed — 2.00 -> 21,446 - Version Control: Change Locality — 0.9993 -> 0.0000 - Version Control: Co-change Novelty — 1.00 -> 0.0000 - Dependencies: Total Dependencies — 2,120.0 -> 1,802 - Version Control: Change Dispersion — 0.0000 -> 1.36 - CI / Build: Build Duration — 26.00 -> 4,243.0 - Deployment: Release Cadence — 21.36 -> 395.3 Click "Show Full Prompt" to see the complete investigation prompt with evidence...
Development drift analysis for aws/aws-cdk (Sep 11, 2018 at 11:35 AM to Mar 13, 2026 at 01:32 PM).

DEVIATIONS FROM BASELINE:

- Version Control / Files Changed: 21,446 (typical: 2.00, 14464.0x above)
- Version Control / Change Locality: 0.0000 (typical: 0.9993, 998.9x below)
- Version Control / Co-change Novelty: 0.0000 (typical: 1.00, 587.2x below)
- Dependencies / Total Dependencies: 1,802 (typical: 2,120.0, 429.3x below)
- Version Control / Change Dispersion: 1.36 (typical: 0.0000, 427.1x above)
- CI / Build / Build Duration: 4,243.0 (typical: 26.00, 111.5x above)
- Deployment / Release Cadence: 395.3 (typical: 21.36, 12.6x above)

RISK PATTERNS (actionable only):

- [Action Required] 4 patterns:
    * when deployments and code changes happen together, file count tends to move together.
    * when CI builds and code changes happen together, file count and build time tend to move together.
    * when deployments and code changes happen together, file count and release frequency tend to move together.
    * when CI builds and code changes happen together, file count tends to move together.
  Impact: Commits are touching more files than usual, increasing review burden and risk of regressions. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
  Action: Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.

- [Action Required] 3 patterns:
    * when deployments and code changes happen together, novelty of file pairings tends to move together.
    * when CI builds and code changes happen together, novelty of file pairings and build time tend to move together.
    * when CI builds and code changes happen together, novelty of file pairings tends to move together.
  Impact: Files that don't normally change together are being modified in the same commits. This indicates novel, untested interactions that may introduce bugs. Escalated from Needs Attention — multiple correlated patterns converge on the same signal families.
  Action: Investigate which files are being combined unexpectedly. Prioritize testing these changes.

- [Action Required] when deployments and code changes happen together, change focus and release frequency tend to move together.
  Impact: Time between releases is increasing. This could indicate a bottleneck in the release process or accumulating risk in larger releases. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
  Action: Check if process changes or staffing issues are delaying releases.

- [Action Required] when CI builds and code changes happen together, change focus and build time tend to move together.
  (2 independent confirmations)
  Impact: Builds are taking longer. Slower CI feedback loops reduce developer productivity and delay catching issues. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
  Action: Profile the build pipeline to identify bottlenecks. Check for newly added expensive tests or build steps.

- [Action Required] 4 patterns:
    * when deployments and code changes happen together, code spread and release frequency tend to move together.
    * when CI builds and code changes happen together, code spread and build time tend to move together.
    * when deployments and code changes happen together, code spread tends to move together.
    * when CI builds and code changes happen together, code spread tends to move together.
  Impact: Changes are spreading across unrelated parts of the codebase. This makes reviews harder and increases the chance of unexpected side effects. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
  Action: Review recent PRs for scope creep. Consider breaking large changes into focused commits.

- [Action Required] when CI builds and code changes happen together, change focus tends to move in opposite directions.
  Impact: Changes span files that don't normally change together, suggesting cross-cutting concerns that may be harder to test. Escalated from Worth Monitoring — multiple correlated patterns converge on the same signal families.
  Action: Review whether these cross-cutting changes have adequate test coverage.

- [Worth Monitoring] when dependency changes and deployments happen together, dependency count and release frequency tend to move together.
  (2 independent confirmations)
  Impact: The dependency count is growing, expanding the supply-chain attack surface and potential for version conflicts.
  Action: Audit new dependencies for necessity, maintenance status, and known vulnerabilities.

- [Worth Monitoring] when dependency changes and code changes happen together, change focus tends to move in opposite directions.
  Impact: Changes span files that don't normally change together, suggesting cross-cutting concerns that may be harder to test.
  Action: Review whether these cross-cutting changes have adequate test coverage.

- [Worth Monitoring] when dependency changes and code changes happen together, code spread tends to move together.
  Impact: Changes are spreading across unrelated parts of the codebase. This makes reviews harder and increases the chance of unexpected side effects.
  Action: Review recent PRs for scope creep. Consider breaking large changes into focused commits.

- [Worth Monitoring] when code changes occur, file count tends to increase.
  Impact: Commits are touching more files than usual, increasing review burden and risk of regressions.
  Action: Monitor PR sizes. If this persists, investigate whether large refactors need better decomposition.


COMMITS (20):

  b2c30430 — chore(release): 1.40.0 (167 files)
  dadc9d12 — chore: integ test flakiness (#8124) (1 files)
  27164608 — chore(release): 1.41.0 (2 files)
  9e071d2e — chore(release): 1.41.0 (#8125) (85 files)
  0028778c — chore(cloudtrail): better typed event selector apis (#8097) (7 files)
  facf3a2c — chore(release): 1.42.0 (2 files)
  3b642412 — chore(release): 1.42.0 (#8229) (134 files)
  6a6324dd — chore(release): 1.42.1 (2 files)
  a4797b45 — chore(release): 1.42.1  (#8302) (5 files)
  f26e79aa — chore: revert "(bootstrap): split file/image publishing roles" (#8351) (9 files)
  ... and 10 more

SOURCE FILES CHANGED (50):

  - .github/ISSUE_TEMPLATE/config.yml (modified)
  - .github/ISSUE_TEMPLATE/doc.md (modified)
  - .github/ISSUE_TEMPLATE/general-issues.md (modified)
  - .github/PULL_REQUEST_TEMPLATE.md (modified)
  - .github/workflows/close-stale-issues.yml (modified)
  - .gitpod.yml (modified)
  - .mergify.yml (modified)
  - CHANGELOG.md (modified)
  - CONTRIBUTING.md (modified)
  - README.md (modified)
  - allowed-breaking-changes.txt (modified)
  - lerna.json (modified)
  - packages/@aws-cdk/assert/package.json (modified)
  - packages/@aws-cdk/assets/package.json (modified)
  - packages/@aws-cdk/aws-apigateway/README.md (modified)
  - packages/@aws-cdk/aws-apigateway/lib/base-path-mapping.ts (modified)
  - packages/@aws-cdk/aws-autoscaling/README.md (modified)
  - packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts (modified)
  - packages/@aws-cdk/aws-autoscaling/test/integ.amazonlinux2.expected.json (modified)
  - packages/@aws-cdk/aws-autoscaling/test/integ.amazonlinux2.ts (modified)
  ... and 30 more

TASKS:

1. ROOT CAUSE: For each deviation, identify the commit(s) that caused it.
   Focus on [Action Required] and [Needs Attention] items first.

2. FIXES: Provide concrete fixes with file paths and code changes.
   Goal: bring metrics back toward baseline without disrupting velocity.

3. PRIORITY: Rank fixes by urgency (immediate vs. next sprint).

4. AFTER FIXING: Run `evo analyze . --verify` to confirm deviations decreased.
   If a change was intentional, accept it: `evo accept . <N>`.

5. FINDING SUMMARIES: At the end, include a section like this:
   ## Finding Summaries
   - [family/metric]: One plain-English sentence for a non-technical reader.
   (This lets the user run `evo enrich . --from response.txt` to store friendly descriptions.)

Expand Your Coverage

Evolution Engine has 44 universal patterns learned from 200+ open-source repositories. The more signal families you connect, the more cross-family patterns can be detected.

Available Adapters

Enable these adapters to unlock additional signal families and cross-family pattern detection.

📊
cobertura
Code Coverage
Code coverage from Cobertura XML reports — line rate, branch rate
Auto-detected from files Setup guide →
🚨
sentry
Error Tracking
Error tracking and release health from Sentry — event count, user impact, unhandled errors
Set SENTRY_AUTH_TOKEN Setup guide →

How to Connect an Adapter

  1. Set the environment variable shown on the adapter card. For example: export GITHUB_TOKEN=$(gh auth token)
  2. For file-based adapters (Testing, Coverage): generate reports in your project first. For example, pytest --junitxml=junit.xml or pytest --cov --cov-report=xml
  3. Run analysis: evo analyze . — new adapters are detected automatically
  4. Verify: evo sources to confirm which adapters are active
Coming soon: CI / Build, Deployment, Feature Flags, Incidents, Monitoring, Quality Gate, Security Scan, Work Items