fix: revert team-summary to lightweight queries

buildFromSquad fetches full attachments for every ticket, causing
timeouts on large squads. Revert to SUMMARY_FIELDS queries for
speed. Enrichment/criticality data remains available through
ticket_details, remediation_plan, and blast_radius.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ernieambrose

skills/pita/SKILL.md

@@ -39,7 +39,7 @@ You have access to the PITA MCP server (Pantheon Intelligent Threat Analyzer) wh
 
 ### By Tool
 
-**team_summary**: Present as a dashboard with tables for severity, SLA health, sources, and trend. Call out anything alarming (high breach rate, zero resolutions, spike in new tickets). When `riskIndicators` has non-zero counts, add a "Risk Indicators" row to the dashboard showing CISA KEV tickets, high EPSS tickets, and internet-exposed tickets. These are high-signal metrics for security/compliance audiences.
+**team_summary**: Present as a dashboard with tables for severity, SLA health, sources, and trend. Call out anything alarming (high breach rate, zero resolutions, spike in new tickets).
 
 **sla_status**: Group breached and approaching separately. Highlight unassigned tickets. Note breachedClosed count as "X additional closed tickets breached SLA during this audit period."
 

src/tools/team-summary.ts

@@ -3,8 +3,7 @@
 import type { JiraClient } from '../clients/jira.js';
 import { SUMMARY_FIELDS, TREND_FIELDS } from '../clients/jira.js';
 import type { TTSClient } from '../clients/tts.js';
-import type { TeamSummary } from '../types/index.js';
-import { buildFromSquad } from '../correlation/engine.js';
+import type { TeamSummary, JiraIssue } from '../types/index.js';
 
 function baseFilter(scope: string, filterId: string): string {
   return scope === 'audit' ? `filter = ${filterId}` : 'project = VUL';
@@ -20,12 +19,17 @@ export async function getTeamSummary(
   const base = baseFilter(scope, auditFilterId);
   const squadClause = squad ? ` AND "Squad" = "${squad}"` : '';
 
-  // Use correlation engine for open tickets (includes enrichment/criticality parsing)
-  const { primaryTickets } = await buildFromSquad(jira, tts, squad, scope);
-
+  // Query open VUL tickets
+  const openJql = `${base}${squadClause} AND status NOT IN (Done, Closed)`;
   // Query closed VUL tickets (for breached-but-closed SLA tracking)
   const closedJql = `${base}${squadClause} AND status IN (Done, Closed)`;
-  const closedResponse = await jira.searchIssues(closedJql, Infinity, SUMMARY_FIELDS);
+
+  const [openResponse, closedResponse] = await Promise.all([
+    jira.searchIssues(openJql, Infinity, SUMMARY_FIELDS),
+    jira.searchIssues(closedJql, Infinity, SUMMARY_FIELDS),
+  ]);
+
+  const issues = openResponse.issues;
 
   // Count by severity
   const bySeverity: Record<string, number> = {
@@ -36,8 +40,8 @@ export async function getTeamSummary(
     unprioritized: 0,
   };
 
-  for (const ticket of primaryTickets) {
-    const severity = ticket.severity.toLowerCase() || 'unprioritized';
+  for (const issue of issues) {
+    const severity = issue.fields.customfield_12500?.value?.toLowerCase() || 'unprioritized';
     if (severity in bySeverity) {
       bySeverity[severity]++;
     } else {
@@ -47,22 +51,27 @@ export async function getTeamSummary(
 
   // Count by source
   const sources = { ghas: 0, wiz: 0 };
-  for (const ticket of primaryTickets) {
-    if (ticket.source === 'ghas') {
+  for (const issue of issues) {
+    const summary = issue.fields.summary.toLowerCase();
+    if (summary.includes('ghas') || summary.includes('dependabot')) {
       sources.ghas++;
-    } else if (ticket.source === 'wiz' || ticket.source === 'wiz-issue') {
+    } else if (summary.includes('wiz')) {
       sources.wiz++;
     }
   }
 
-  // SLA health from enriched tickets (already have SLA from correlation engine)
+  // Get SLA status for open tickets
+  const openKeys = issues.map(i => i.key);
+  const openSlaResults = await tts.getIssueSLABatch(openKeys, 15);
+
   const slaHealth = { breached: 0, breachedClosed: 0, approaching: 0, within: 0 };
-  for (const ticket of primaryTickets) {
-    if (ticket.sla?.status === 'breached') {
+  for (const [_key, slaResponse] of openSlaResults) {
+    const status = tts.parseSLAStatus(slaResponse);
+    if (status.status === 'breached') {
       slaHealth.breached++;
-    } else if (ticket.sla?.status === 'approaching') {
+    } else if (status.status === 'approaching') {
       slaHealth.approaching++;
-    } else if (ticket.sla?.status === 'within') {
+    } else if (status.status === 'within') {
       slaHealth.within++;
     }
   }
@@ -78,21 +87,6 @@ export async function getTeamSummary(
     }
   }
 
-  // Aggregate enrichment counts from parsed attachments
-  let cisaKevTickets = 0;
-  let highEpssTickets = 0;
-  let internetExposedTickets = 0;
-
-  for (const ticket of primaryTickets) {
-    if (ticket.enrichment) {
-      if (ticket.enrichment.cisaKevCount > 0) cisaKevTickets++;
-      if (ticket.enrichment.highEpssCount > 0) highEpssTickets++;
-    }
-    if (ticket.criticality) {
-      if (ticket.criticality.hasInternetExposure) internetExposedTickets++;
-    }
-  }
-
   // Calculate 7-day trend
   const sevenDaysAgo = new Date();
   sevenDaysAgo.setDate(sevenDaysAgo.getDate() - 7);
@@ -116,15 +110,10 @@ export async function getTeamSummary(
 
   return {
     squad: squad || 'All PDE',
-    openCount: primaryTickets.length,
+    openCount: issues.length,
     bySeverity,
     slaHealth,
     sources,
     trend7d,
-    riskIndicators: {
-      cisaKevTickets,
-      highEpssTickets,
-      internetExposedTickets,
-    },
   };
 }

src/types/index.ts

@@ -119,11 +119,6 @@ export interface TeamSummary {
     resolved: number;
     net: number;
   };
-  riskIndicators: {
-    cisaKevTickets: number;
-    highEpssTickets: number;
-    internetExposedTickets: number;
-  };
 }
 
 export interface RemediationGroup {