feat: US-002 - Create docgen-arch-002 Istio Pilot discovery architecture doc

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: LoCoBench Bot

benchmarks/ccb_docgen/docgen-arch-002/environment/Dockerfile

@@ -0,0 +1,22 @@
+FROM python:3.11-slim
+
+WORKDIR /workspace
+
+# Install dependencies
+RUN apt-get update && apt-get install -y \
+    git \
+    curl \
+    npm \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Claude Code CLI
+RUN npm install -g @anthropic-ai/claude-code
+
+# Clone Istio at pinned commit (blobless clone — repo is large)
+RUN git clone --filter=blob:none --no-checkout https://github.com/istio/istio.git . && \
+    git checkout f8af3caeb1960d4cb1db5c4c0d4913c366625c71 && \
+    git config user.email "agent@example.com" && \
+    git config user.name "Agent"
+
+# Create output directories
+RUN mkdir -p /logs/agent /logs/verifier

benchmarks/ccb_docgen/docgen-arch-002/instruction.md

@@ -0,0 +1,58 @@
+# Architecture Document: Istio Pilot Discovery Service
+
+**Repository:** istio/istio
+**Output:** Write your document to `/workspace/documentation.md`
+
+## Task
+
+Produce an architecture document for **Istio Pilot's Discovery Service** subsystem. The document must explain how Pilot serves xDS (Envoy Discovery Service) configuration to proxies, translates Istio's high-level configuration into Envoy-specific resources, integrates with service registries, and supports multi-cluster deployments. Do not simply list APIs — explain the **design**, **data flow**, and **extension points**.
+
+## Scope
+
+Your document must cover these four components and how they work together:
+
+### 1. DiscoveryServer — The xDS gRPC Server
+The central component implementing Pilot's gRPC interface for Envoy's xDS APIs. Explain:
+- How it implements Envoy's xDS v3 protocol (ADS, incremental/state-of-the-world modes)
+- The role of `adsClients` in tracking active proxy connections
+- How configuration pushes are coordinated: debouncing, rate limiting, concurrent push limits
+- Cache management for xDS resources (CDS, LDS, RDS, EDS)
+- The lifecycle: initialization, handling new connections, shutdown
+
+### 2. ADS and the Connection Model
+The Aggregated Discovery Service stream handler. Explain:
+- How `Stream()` establishes a bidirectional gRPC stream with an Envoy proxy
+- The `Connection` type: wrapping the stream with proxy metadata and state
+- Request processing: how `processRequest()` determines what configuration to send
+- Push coordination: how `pushConnection()` transmits updates to a single proxy
+- The `StartPush()` broadcast mechanism for fleet-wide updates
+
+### 3. PushContext — Configuration Snapshot and Translation
+The immutable configuration snapshot used during a push. Explain:
+- What `PushContext` holds: services, destination rules, virtual services, sidecars, gateways
+- How `InitContext()` rebuilds the push context when Istio config changes (CRD watches)
+- Config translation: how Pilot converts Istio's `VirtualService` and `DestinationRule` into Envoy's `RouteConfiguration` and `Cluster` resources
+- The relationship between push triggers (config changes, service registry updates) and push context regeneration
+- Metrics and error tracking during push generation
+
+### 4. Service Registry and Multi-Cluster Support
+The service discovery layer feeding the DiscoveryServer. Explain:
+- How `ServiceRegistry` (Kubernetes controller) watches K8s Services, Endpoints, and Pods
+- The aggregate controller pattern for multi-registry support (K8s services + `ServiceEntry` resources)
+- Multi-cluster support: how Pilot aggregates services from multiple clusters
+- How endpoint updates (pod scale-up, health changes) trigger EDS pushes
+- The relationship between the service registry and xDS: when does a service change trigger CDS vs. EDS?
+
+## Document Requirements
+
+1. **Component Responsibilities** — what each component owns
+2. **Data Flow** — the path from Istio config change → DiscoveryServer → xDS push to Envoy proxies
+3. **Extension Points** — where users extend Istio (custom config translation, external service registries, telemetry plugins)
+4. **Error Handling** — how errors at each stage (config validation, push failures, proxy disconnects) are handled
+5. **Key Source Files** — reference the actual source files in the istio/istio repository (e.g., `pilot/pkg/xds/discovery.go`, `pilot/pkg/model/push_context.go`)
+
+## Anti-Requirements
+
+- Do NOT generate a simple API listing or struct dump
+- Do NOT fabricate type names or file paths that don't exist in the repository
+- Do NOT cover Istio components outside the Pilot discovery path (e.g., Citadel, Galley, sidecar injection)

benchmarks/ccb_docgen/docgen-arch-002/task.toml

@@ -0,0 +1,57 @@
+version = "1.0"
+
+[metadata]
+name = "docgen-arch-002"
+description = "Generate architecture documentation for Istio Pilot's discovery service spanning xDS serving, config translation, service registry, and multi-cluster support"
+license = "Apache-2.0"
+
+[task]
+id = "docgen-arch-002"
+repo = "istio/istio"
+category = "architecture_doc"
+language = "go"
+pre_fix_rev = "f8af3caeb1960d4cb1db5c4c0d4913c366625c71"
+difficulty = "hard"
+time_limit_sec = 1200
+
+[task.metadata]
+complexity_dimension = "architecture_documentation"
+doc_type = "architecture"
+target_subsystem = "Pilot discovery service"
+key_components = ["DiscoveryServer", "ADS", "PushContext", "ServiceRegistry"]
+output_path = "/workspace/documentation.md"
+
+[verification]
+type = "test"
+command = "bash /tests/test.sh"
+reward_type = "checklist"
+description = "Weighted checklist: required topics (0.40), file references (0.25), data flow (0.20), extension points (0.15)"
+
+[environment]
+build_timeout_sec = 900.0
+
+[environment.setup_scripts]
+mcp_config = """#!/bin/bash
+if [ -n "$SOURCEGRAPH_ACCESS_TOKEN" ] && [ -n "$SOURCEGRAPH_URL" ]; then
+  echo "Setting up Sourcegraph MCP configuration..."
+  mkdir -p /root/.config/claude
+  cat > /root/.config/claude/mcp.json << 'EOF'
+{
+  "mcpServers": {
+    "sourcegraph": {
+      "command": "npx",
+      "args": ["-y", "@sourcegraph/mcp-server"],
+      "env": {
+        "SRC_ACCESS_TOKEN": "$SOURCEGRAPH_ACCESS_TOKEN",
+        "SOURCEGRAPH_URL": "$SOURCEGRAPH_URL"
+      }
+    }
+  }
+}
+EOF
+  echo "OK MCP configuration created"
+else
+  echo "No Sourcegraph credentials provided, MCP disabled"
+fi
+exit 0
+"""

benchmarks/ccb_docgen/docgen-arch-002/tests/ground_truth.json

@@ -0,0 +1,170 @@
+{
+  "task_id": "docgen-arch-002",
+  "description": "Istio Pilot Discovery Service Architecture Documentation",
+  "weights": {
+    "required_topics": 0.40,
+    "file_references": 0.25,
+    "data_flow": 0.20,
+    "extension_points": 0.15
+  },
+  "required_topics": [
+    {
+      "id": "t1",
+      "description": "Explains DiscoveryServer as the xDS gRPC server",
+      "patterns": ["DiscoveryServer", "xDS.*server|gRPC.*server|xDS.*gRPC"],
+      "weight": 0.10
+    },
+    {
+      "id": "t2",
+      "description": "Explains ADS (Aggregated Discovery Service)",
+      "patterns": ["ADS|Aggregated.*Discovery.*Service|StreamAggregatedResources"],
+      "weight": 0.10
+    },
+    {
+      "id": "t3",
+      "description": "Explains adsClients or connection tracking",
+      "patterns": ["adsClients|connection.*tracking|active.*connections|proxy.*connections"],
+      "weight": 0.07
+    },
+    {
+      "id": "t4",
+      "description": "Explains debouncing or push coordination",
+      "patterns": ["debounce|debouncing|DebounceOptions|push.*coordination|batch.*updates"],
+      "weight": 0.07
+    },
+    {
+      "id": "t5",
+      "description": "Explains xDS resource types (CDS, LDS, RDS, EDS)",
+      "patterns": ["CDS|LDS|RDS|EDS|ClusterDiscoveryService|ListenerDiscoveryService|RouteDiscoveryService|EndpointDiscoveryService"],
+      "weight": 0.08
+    },
+    {
+      "id": "t6",
+      "description": "Explains Connection type wrapping xDS stream",
+      "patterns": ["Connection.*type|Connection.*struct|stream.*wrapper|proxy.*metadata"],
+      "weight": 0.08
+    },
+    {
+      "id": "t7",
+      "description": "Explains PushContext as configuration snapshot",
+      "patterns": ["PushContext", "configuration.*snapshot|config.*snapshot|immutable.*context"],
+      "weight": 0.10
+    },
+    {
+      "id": "t8",
+      "description": "Explains InitContext or push context regeneration",
+      "patterns": ["InitContext|push.*context.*regen|rebuild.*context|config.*change.*trigger"],
+      "weight": 0.07
+    },
+    {
+      "id": "t9",
+      "description": "Explains config translation (VirtualService, DestinationRule to Envoy resources)",
+      "patterns": ["VirtualService|DestinationRule|RouteConfiguration|Cluster.*resource|config.*translation|Istio.*CRD"],
+      "weight": 0.10
+    },
+    {
+      "id": "t10",
+      "description": "Explains ServiceRegistry or Kubernetes service discovery",
+      "patterns": ["ServiceRegistry|Kubernetes.*controller|K8s.*services|service.*discovery"],
+      "weight": 0.08
+    },
+    {
+      "id": "t11",
+      "description": "Explains aggregate controller or multi-registry support",
+      "patterns": ["aggregate.*controller|multi.*registry|ServiceEntry|external.*services"],
+      "weight": 0.05
+    },
+    {
+      "id": "t12",
+      "description": "Explains multi-cluster support",
+      "patterns": ["multi.*cluster|multicluster|cross.*cluster|remote.*cluster"],
+      "weight": 0.05
+    },
+    {
+      "id": "t13",
+      "description": "Explains endpoint updates triggering EDS pushes",
+      "patterns": ["endpoint.*update|EDS.*push|pod.*scale|health.*change|endpoint.*controller"],
+      "weight": 0.05
+    }
+  ],
+  "file_references": [
+    {
+      "id": "r1",
+      "description": "References discovery.go",
+      "patterns": ["pilot/pkg/xds/discovery\\.go|xds/discovery\\.go"],
+      "weight": 0.25
+    },
+    {
+      "id": "r2",
+      "description": "References ads.go",
+      "patterns": ["pilot/pkg/xds/ads\\.go|xds/ads\\.go"],
+      "weight": 0.20
+    },
+    {
+      "id": "r3",
+      "description": "References push_context.go",
+      "patterns": ["pilot/pkg/model/push_context\\.go|model/push_context\\.go"],
+      "weight": 0.20
+    },
+    {
+      "id": "r4",
+      "description": "References service registry controller files",
+      "patterns": ["pilot/pkg/serviceregistry/kube/controller|serviceregistry.*controller|kube/controller/controller\\.go"],
+      "weight": 0.20
+    },
+    {
+      "id": "r5",
+      "description": "References multicluster files or networking/core config translation",
+      "patterns": ["pilot/pkg/serviceregistry.*multicluster|pilot/pkg/networking/core|networking/core"],
+      "weight": 0.15
+    }
+  ],
+  "data_flow": [
+    {
+      "id": "d1",
+      "description": "Istio config change (CRD watch) -> PushContext rebuild -> DiscoveryServer push queue",
+      "patterns": ["config.*change|CRD.*watch|Kubernetes.*watch", "PushContext|InitContext|rebuild", "push.*queue|push.*trigger|DiscoveryServer"],
+      "ordered": true,
+      "weight": 0.40
+    },
+    {
+      "id": "d2",
+      "description": "DiscoveryServer push -> Connection.pushConnection -> xDS response to Envoy proxy",
+      "patterns": ["DiscoveryServer|push.*coordination", "Connection|pushConnection|stream", "xDS.*response|DiscoveryResponse|Envoy"],
+      "ordered": true,
+      "weight": 0.35
+    },
+    {
+      "id": "d3",
+      "description": "Service registry update (pod scale, health) -> EDS push",
+      "patterns": ["service.*registry|endpoint.*update|pod.*scale|health", "EDS|EndpointDiscoveryService|endpoint.*push"],
+      "weight": 0.25
+    }
+  ],
+  "extension_points": [
+    {
+      "id": "e1",
+      "description": "Custom config translation or CRD extensions",
+      "patterns": ["custom.*CRD|CRD.*extension|config.*translation|VirtualService|DestinationRule|Gateway"],
+      "weight": 0.30
+    },
+    {
+      "id": "e2",
+      "description": "External service registries (ServiceEntry)",
+      "patterns": ["ServiceEntry|external.*service|external.*registry|non.*Kubernetes.*service"],
+      "weight": 0.25
+    },
+    {
+      "id": "e3",
+      "description": "Telemetry plugins or Wasm extensions",
+      "patterns": ["telemetry|Wasm|WebAssembly|EnvoyFilter|extension.*plugin"],
+      "weight": 0.25
+    },
+    {
+      "id": "e4",
+      "description": "Custom generators or xDS resource customization",
+      "patterns": ["[Gg]enerator|custom.*generator|xDS.*customization|XdsResourceGenerator"],
+      "weight": 0.20
+    }
+  ]
+}