ci: harden and accelerate cached runtime checks#2876
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
🛡️ AI Review — Skeptic (security review)VERDICT: SAFE VERY HIGH heuristic scrutiny (11-day-old account, zero public repos), mitigated by repository admin permission, consistent authorship, and no Gittensor association; branch targets main. Static analysis found no security vulnerability in the current diff. Snapshot selection is bound to the canonical workflow, repository, default branch, immutable run, and producer commit; runtime path classification uses the immutable base SHA and fails closed. No trusted AI-review instruction files were modified. FindingsNo findings. ConclusionNo malicious behavior or security vulnerability was found. The workflow and clone-test changes preserve or strengthen existing trust boundaries. 🔍 AI Review — Auditor (domain review)VERDICT: 👍 UNKNOWN Gittensor association; very new GitHub identity but repository admin, reviewed with heightened scrutiny. The implementation matches the substantive PR description. Snapshot provenance is bound to the canonical producer run and commit, path classification fails closed, and destructive clone regressions use isolated checkpoint restores. The overlaps with #2850 and #2837 are incidental, not duplicate implementations. The snapshot artifact and runtime change-filter fixture suites passed, as did shell syntax and diff checks. No auto-fixes were needed. FindingsNo findings. ConclusionNo correctness or domain blocker was found. The PR is ready to merge. |
|
🔄 AI review updated — Skeptic: VULNERABLE |
dd412d7 to
7eca897
Compare
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👎 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👎 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
6c40078 to
216f0d6
Compare
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
What changed
fresh-try-runtime-stateor the manualfresh_stateinputubuntu-latestand move periodic smoke monitoring off the scarce try-runtime runner poolOperational behavior
The default-branch producer runs daily. Try-runtime consumers warn once a snapshot is older than 36 hours and fail after 72 hours rather than silently scraping live state. A manual producer dispatch is therefore recovery for a failed/missed schedule, not routine maintenance. Clone snapshots retain their existing seven-day optional restore and live fallback.
The clone suite downloads the existing
mainnet-snapshotonce. Its issuance phase and remaining regression phase use isolated databases restored from that same local checkpoint, so mutation-heavy tests cannot contaminate the global issuance invariant. The requiredSudo-upgrade mainnet clone and testcheck name is unchanged.The three try-runtime network checks remain distinct and keep their existing job names.
MultiBlockMigrator = ()continues to use--disable-mbm-checks; ambiguous detection fails, while a future non-unit migrator automatically retains the full MBM path.Measured impact
Validation
ubuntu-latestcargo check -p node-subtensorpassed withSKIP_WASM_BUILD=1; full local wasm compilation is unavailable because the Mac Clang lacks a wasm backendgit diff --checkpassed; the final workflow parsed and executed successfully on GitHub ActionsRebased onto latest
main.Final optimization follow-up
4002: count exceeds maximum value), so the experiment was reverted rather than adding adaptive complexity.