Bug Report Generator

Bug Report Draft

Bug title:

Keep it specific enough for triage queues and duplicate searches.

Affected area:

Name the smallest product surface that should own the first triage pass.

Environment:

Record the environment where the bug first appeared and any setup needed to reproduce it.

Steps to reproduce:

One action per line; include special setup only when it changes the result.

Expected behavior:

Keep the expected result separate from the actual observation.

Actual behavior:

Separate facts from guesses so engineers know what was observed.

Severity:

Choose the level that matches user harm before any scheduling decision.

Impact:

Use customer or workflow impact rather than an internal guess at priority.

Reproducibility:

This helps triage distinguish deterministic defects from intermittent signals.

Evidence links or attachments:

One reference per line; keep customer or secret data out of pasted links.

Logs or diagnostics:

Sanitize tokens, email addresses, customer identifiers, and payload secrets before filing.

Workaround:

Use "None known" when there is no reliable workaround.

Regression or first seen:

A narrow first-seen range helps teams find candidate changes faster.

Tracker labels:

These labels are copied into the triage table and JSON without changing the report text.

{{ result.markdown }}

Field	Value	Triage use	Copy
{{ row.field }}	{{ row.value }}	{{ row.use }}

Gate	Status	Review note	Copy
{{ row.gate }}	{{ row.status }}	{{ row.note }}

Embed:

Customize

Include current inputs

Size

Advanced

Width

Height

Aspect ratio

Max height

Collapsible embed

Allow fullscreen

Referrer policy

Sandbox tokens

Bug reports sit between a software failure and the work needed to understand it. They turn a user complaint, tester note, support escalation, or production observation into a record another person can inspect without guessing. The useful part is not the length of the report. It is whether the report gives a triager enough facts to find the affected area, recreate the failure, compare the correct and incorrect behavior, and decide what kind of follow-up is needed.

The smallest strong report usually has five parts: a specific symptom, the environment where it happened, reproduction steps, expected behavior, and actual behavior. Each part answers a different triage question. The title helps people search for duplicates. The environment explains why the failure might only appear for one browser, account role, build, tenant, data state, device, or region. The steps describe the path to the failure. Expected and actual behavior make the mismatch explicit instead of leaving the reader to infer it from a screenshot or error message.

Symptom: The visible failure, wrong result, missing action, crash, error, or blocked workflow.
Environment: The setup that may affect reproduction, such as browser, operating system, app version, account role, tenant, feature flag, or data condition.
Reproduction path: The ordered actions another person follows to trigger the same observation.
Expected and actual: The intended behavior and the observed behavior, kept separate so the defect is easy to compare.
Impact: The user, customer, operational, or technical harm caused by the issue.

Reproducibility and severity are related, but they do not measure the same thing. Reproducibility describes confidence that the same steps trigger the same failure again. Severity describes harm: data loss, security exposure, outage, blocked work, degraded work, confusion, or cosmetic damage. A severe incident observed once still needs careful investigation, while a low-severity visual defect that happens every time may be easier to fix because the path is stable.

Bug report details becoming a ticket draft and readiness checks.

Evidence makes a report credible, but evidence also creates risk. Screenshots, recordings, request identifiers, logs, payload excerpts, customer names, account IDs, and email addresses can help an engineer find the problem. The same details can expose private or secret data if they are copied into a tracker without review. A useful report includes the smallest evidence needed to reproduce or diagnose the issue, with sensitive values replaced by safe placeholders before the report leaves the private testing context.

A bug report is not a root-cause analysis unless the cause has already been proven. Guessing that a cache, deployment, query, permission rule, or browser setting caused the issue can send triage in the wrong direction. The safer report separates facts from suspicion: what was done, what happened, what should have happened, where it happened, who was affected, and what evidence supports the observation.

How to Use This Tool:

Fill the report the way another tester, support engineer, or developer would read it while trying to reproduce the issue.

Enter a Bug title that names the symptom and affected area. Replace vague titles such as "bug", "issue", "broken", or "not working" with a searchable sentence fragment.
Use Affected area for the smallest product surface that can own first triage, then describe the Environment with browser, device, build, account role, tenant, feature flag, or data setup when those details matter.
Write Steps to reproduce as one action per line. Numbered and bulleted prefixes are cleaned up when the Markdown is generated, so focus on the shortest path someone else can follow.
Keep Expected behavior and Actual behavior separate. The mismatch should be clear even if the reader skips the title.
Choose Severity and Reproducibility, then explain Impact in user, customer, workflow, or operational terms.
Open Advanced for evidence, diagnostics, workaround, regression window, and tracker labels. Sanitize logs and links before adding tokens, customer identifiers, payload snippets, or email addresses.
Review Repro Checklist before filing. Fix Needs work rows first, then decide whether Review rows need more evidence, context, or sensitive-data cleanup.

Interpreting Results:

The summary status is a filing-readiness signal. Ready to triage means the core reproduction details and triage context are present. Ready with notes means required details are present, but optional evidence, regression context, impact, or sensitive-data review could improve the handoff. Needs core details means at least one required gate is missing or too weak for a useful first pass.

The generated Ticket Markdown is meant for tracker handoff. It combines the title, affected area, severity, reproducibility, impact, environment, labels, reproduction steps, expected behavior, actual behavior, evidence, diagnostics, workaround, and regression notes into a consistent issue format. Read it once as the recipient would: the steps should flow in order, the expected and actual sections should not repeat each other, and any pasted diagnostics should be safe to share.

The Triage Fields tab turns the same report into rows that are easier to copy into systems with separate fields. Repro Checklist is a report-quality gate, not a guarantee that the product defect is confirmed. JSON is useful when another workflow needs structured report data, but it should receive the same privacy review as the Markdown because it contains the same user-provided details.

Treat Ready rows as structure checks, not proof that the bug is real or fixed.
Use Review rows to add confidence, such as screenshots, request IDs, first-seen dates, or a clearer workaround.
Resolve Needs work rows before filing because missing title, environment, steps, expected behavior, or actual behavior usually delays reproduction.

Technical Details:

Bug-report quality depends on two technical properties: observability and repeatability. Observability means the report captures what was seen, where it was seen, and what evidence supports the observation. Repeatability means another person can follow the same setup and actions closely enough to compare the intended behavior against the observed failure.

The title and component guide routing, but the reproduction path does most of the diagnostic work. A precise path reduces the number of hidden assumptions a tester must reconstruct. Environment details narrow the search space when a defect depends on browser behavior, device constraints, app version, permissions, tenant data, feature flags, cached state, or a recent release. Regression details can further narrow the likely change range, but they should be framed as timing evidence rather than proof of cause.

Severity is a harm label, not a scheduling command. Priority can change later after customer commitments, release timing, duplication, and effort are known. Reproducibility is also not a verdict on importance. It simply records how reliably the observed steps produce the failure, from deterministic to intermittent to not yet retested.

Rule Core:

Bug report readiness rules
Gate	Ready condition	Needs work or review condition
Specific title	The title is at least 12 characters and does not use a generic one-word issue label.	Generic wording such as "bug", "issue", "problem", "broken", "does not work", or "not working" needs replacement.
Environment captured	The environment field contains setup context for first reproduction.	Missing browser, build, device, account, tenant, feature flag, or data setup slows triage.
Reproduction steps	At least two normalized steps are available.	One step is marked for review; no steps need work.
Expected vs actual split	Both expected behavior and actual behavior are filled.	Missing either side makes the failure ambiguous.
Impact and severity	Impact explains why the chosen severity matters.	Missing impact is review-level because severity alone does not explain user harm.
Evidence attached	Evidence links, attachments, or diagnostics are present.	Missing evidence is review-level because some simple reports can still be reproducible without attachments.
Regression context	A first-seen date, affected build, release range, or last known good version is documented.	Missing regression context is review-level because many bugs are still actionable without it.
Sensitive data scrub	No obvious token, password, bearer string, API-key phrase, or email-address pattern appears in evidence fields.	Potential secret or personal-data patterns are marked for review before filing.

Transformation Core:

The report text is assembled from the current field values. Blank lines are ignored in list-style fields, reproduction steps are trimmed, simple list prefixes are removed, and the final steps are renumbered. Diagnostics are kept in a plain text block so short log excerpts remain readable, and accidental closing code fences are neutralized before the Markdown report is copied or downloaded.

Bug report output fields and use
Output	What it carries	How to verify it
Ticket Markdown	Tracker-ready report with triage, steps, expected behavior, actual behavior, evidence, diagnostics, workaround, and regression sections.	Read it as a reviewer would and confirm no secret, customer, or personal data remains.
Triage Fields	Compact field table for queue title, owner routing, severity, reproducibility, environment, impact, evidence, workaround, regression, and labels.	Compare the rows with the required fields in your tracker.
Repro Checklist	Readiness gates with Ready, Review, or Needs work status.	Fix required gates first, then decide whether review rows need more evidence.
JSON	Structured copy of the report, readiness state, checklist, and Markdown.	Use it only after the human-readable report is safe to file.

The readiness rules do not inspect the product, run the reproduction path, search for duplicates, or confirm a root cause. They check whether the report contains the minimum information a tester, support engineer, or developer usually needs before spending time on reproduction.

Privacy and Filing Notes:

The report is generated in the browser from the values currently on the page. Copying and downloading use browser features, so the bug details do not need to be sent to a server to create the Markdown, CSV, DOCX, or JSON outputs. The next risk appears when the finished report is pasted into a tracker, chat, email, or shared document.

Paste only the smallest evidence needed to reproduce or diagnose the issue.
Replace tokens, passwords, API keys, private URLs, customer identifiers, and email addresses with safe placeholders.
Treat the sensitive-data row as a reminder. It scans evidence and diagnostics for obvious token, password, bearer-string, API-key, and email patterns, but it cannot prove that every screenshot, log line, or payload excerpt is safe.
File security vulnerabilities through the project's security process rather than a normal public issue queue.

Worked Examples:

Ready report for a blocked admin workflow. A title such as Retry export button stays disabled after failed export names both symptom and affected area. The report includes browser and build details, four ordered steps, the expected confirmation dialog, the actual disabled-button behavior, Major severity, Always with these steps, and a short impact statement explaining that admins must ask support to recreate exports. The checklist should mark the core gates ready.

Intermittent issue with weak steps. A support agent chooses Intermittent / sometimes and writes only "Open the dashboard" under Steps to reproduce. The checklist should ask for review because one action rarely captures account state, data setup, navigation, timing, or the exact trigger. Add the role, relevant page, data condition, and final action that makes the symptom appear.

Privacy warning before filing. Evidence that includes a bearer token, password-like text, API-key phrase, or customer email can mark Sensitive data scrub for review. Replace those values with placeholders such as [redacted token] or [customer email redacted], regenerate the report, and review the Markdown again before copying it into a tracker.

FAQ:

Does Ready to triage mean the bug is confirmed?

No. It means the report has the core details needed for triage. A tester or engineer still needs to reproduce the issue, inspect the evidence, search for duplicates, and confirm the fix path.

Should severity and priority be the same?

No. Severity records user or technical harm. Priority is a planning decision that can consider customer commitments, release timing, duplication, engineering effort, and available workarounds.

Why does one reproduction step need review?

One step often omits setup, navigation, account state, data conditions, or the action that triggers the failure. Add the shortest ordered sequence another person can follow.

Can I paste logs into the report?

Yes, but keep them short and sanitized. Use logs for status codes, request identifiers, concise console output, or error snippets that help reproduction or diagnosis.

What if the bug is only a suspected regression?

Record the first affected build, last known good build, release, or date range if you know it. Do not present the regression as a proven cause unless it has already been confirmed.

Glossary:

Reproduction steps: The ordered actions another person follows to trigger the observed issue.
Expected behavior: The product behavior, requirement, or user-visible outcome that should have occurred.
Actual behavior: The observed symptom, error, missing response, wrong data, crash, or blocked action.
Severity: A label for the technical, user, customer, or operational harm caused by the bug.
Reproducibility: How reliably the same setup and steps trigger the same failure.
Regression window: The first-seen date, affected build, release range, or last known good version that narrows when the issue may have started.

References:

Bug report template, Atlassian Jira.
Configuring issue templates for your repository, GitHub Docs.
Bug Writing Guidelines, Mozilla Bugzilla.