Heal
Deep Runs
Quick diagnosis reads individual files. When the root cause spans multiple files or needs code execution to confirm, escalate to Deep.
Deep runs clone your repo into a sandbox at the exact failing version. The agent traces call chains across files, executes the failure path, and — when it finds the fix — pushes a branch and opens a PR.
What changes with Deep runs
| Without (Quick) | With (Deep) | |
|---|---|---|
| Source access | Reads individual files via GitHub | Full repo clone with code execution |
| Cross-file tracing | No | Follows imports, searches symbols, traces call chains |
| Reproducing failures | No — infers from trace data | Executes the failure path, confirms root cause triggers |
| Fix PRs | Disabled | Writes the fix, verifies the diff, pushes a branch |
Deep runs are required for Fix PRs.
How to trigger
Deep runs are slower, so they only run when you ask. Two ways:
- Pick Deep in the composer — the depth picker next to the message input.
- Escalate from Quick — on any Quick result, click Run in sandbox to re-run with code execution enabled.
Security model
Running code from your repo is a privileged operation. Staso treats it as one.
- Workspace-controlled — enable or disable for the entire workspace from Settings -> Integrations
- Bounded scope — each sandbox is disposable, scoped to a single diagnosis, torn down immediately after
- No ambient secrets — the sandbox sees your repo clone and its declared dependencies only. No workspace credentials, no environment state from other runs.
See also
- Self-Heal overview — how diagnosis and Fix PRs fit together
- Connect GitHub — the GitHub App connection that Deep runs build on