Context

GitLab has deployed a binary classifier to predict whether a merge request will cause a production incident within 7 days of deployment. The model is used in CI/CD to trigger extra review steps for high-risk changes. Incidents are rare, so the dataset is highly imbalanced.

The current model was trained on 1.2M historical merge requests, with a positive rate of 1.8%. On the latest validation set, the team reports strong overall accuracy, but SRE and engineering managers say too many incident-causing merge requests are still passing through without additional review.

Current Performance

The Problem

The model looks strong if judged by accuracy alone, but the business outcome is poor: many risky merge requests are not being escalated. You need to explain how to evaluate this model correctly on an imbalanced dataset, which metrics matter most, and what changes you would recommend.

Requirements

1. Explain why accuracy is misleading in this setting.
2. Prioritize the evaluation metrics you would use and justify them.
3. Interpret the current metrics and diagnose the model's failure mode.
4. Recommend how you would tune the decision threshold.
5. Propose validation and monitoring steps before changing rollout policy.

Constraints

• Extra review adds ~20 minutes of developer latency per flagged merge request.
• Missing a true risky merge request can lead to production incidents and customer impact.
• The model is used inside GitLab CI/CD, so threshold changes affect review volume immediately.