Skip to content

perf: bound throughput by corrected ttft#1353

Open
Spycsh wants to merge 4 commits into
ai-dynamo:mainfrom
Spycsh:corr_disagg
Open

perf: bound throughput by corrected ttft#1353
Spycsh wants to merge 4 commits into
ai-dynamo:mainfrom
Spycsh:corr_disagg

Conversation

@Spycsh

@Spycsh Spycsh commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Overview:

bound throughput by corrected ttft

Observed from local disagg corr study but may not be the case for Nvidia. Check with CI.

Details:

Where should the reviewer start?

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

  • closes GitHub issue: #xxx

Summary by CodeRabbit

  • Performance Improvements

    • Improved capacity/throughput and disaggregated latency estimates by incorporating prefill time-to-first-token constraints alongside prefill and decode capacity when calculating effective request rate.
  • Testing

    • Enhanced accuracy regression monitoring with nightly metrics plus opt-in pull-request runs for performance regressions.
    • Added/updated an automated accuracy regression comment flow that generates summaries and comparison plots from trusted workflow artifacts.

Spycsh and others added 2 commits July 11, 2026 08:15
Add a prefill-side TTFT capacity bound to disaggregated rate matching in
addition to the existing prefill/decode throughput capacities. This uses
corrected TTFT to account for first-token queueing, avoiding overprediction
when prefill concurrency is the effective bottleneck.

Signed-off-by: Spycsh <sihan.chen@intel.com>
@Spycsh
Spycsh requested review from a team as code owners July 14, 2026 03:22
@copy-pr-bot

copy-pr-bot Bot commented Jul 14, 2026

Copy link
Copy Markdown

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

Changes

Rate matching

Layer / File(s) Summary
Sequence-rate capacity calculation
src/aiconfigurator/sdk/picking.py, src/aiconfigurator/sdk/sweep.py
seq_s now uses the minimum of degraded prefill capacity, degraded decode capacity, and prefill TTFT-derived capacity.

Accuracy regression workflow

Layer / File(s) Summary
PR trigger and comparison baseline
.github/workflows/accuracy-regression-testing.yml
The workflow supports selected pull request events for titles beginning with perf: and compares against the PR base SHA.
Regression artifact handoff
.github/workflows/accuracy-regression-testing.yml
The regression artifact exposes its URL, and PR-only inputs are uploaded separately with 30-day retention.
PR comment publication
.github/workflows/accuracy-regression-comment.yml
A workflow_run workflow validates inputs, publishes comparison plots, builds a bounded summary, and updates or creates the matching PR comment.

Estimated code review effort: 4 (Complex) | ~45 minutes

Poem

Three capacities guide the stream,
TTFT joins the throughput dream.
PR runs wake when titles glow,
Plots and summaries ebb and flow.
Comments bloom where results show.

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description follows the template headings but leaves Details and reviewer start empty and uses a placeholder issue. Add concrete Details, specify where reviewers should start, and replace #xxx with the real linked issue.
✅ Passed checks (3 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title matches the main change: throughput is now bounded by corrected TTFT.

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added the perf label Jul 14, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/aiconfigurator/sdk/picking.py`:
- Around line 73-90: Apply the same prefill TTFT capacity bound in the sweep
path’s _rate_match_dict calculation, so its seq_s and request_rate use the
minimum of prefill, decode, and TTFT-limited capacities. Prefer reusing shared
capacity arithmetic if appropriate, while preserving compatibility with
generator inputs, profiler data flow, and documented examples.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ccb16f49-26c9-4f06-8cf9-5f39da90e113

📥 Commits

Reviewing files that changed from the base of the PR and between 2feebac and 23a4cf9.

📒 Files selected for processing (1)
  • src/aiconfigurator/sdk/picking.py
📜 Review details
🧰 Additional context used
📓 Path-based instructions (3)
**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

Use the project’s uv-managed environment and run linting with ruff check . and ruff format --check ..

Files:

  • src/aiconfigurator/sdk/picking.py
**/*

⚙️ CodeRabbit configuration file

**/*: - Prefer applicable inline comments. When the correct fix is clear, small, and limited to the commented diff hunk, include it as a GitHub Suggested Change so the author can apply it with one click.

  • Do not use a suggested change when the fix requires broader design choices, multiple files, generated artifacts, unavailable context, or validation that cannot be inferred from the diff.
  • If a comment is not directly applicable, state the smallest concrete next step and why a one-click suggestion is not safe.

Files:

  • src/aiconfigurator/sdk/picking.py
src/aiconfigurator/sdk/**

⚙️ CodeRabbit configuration file

src/aiconfigurator/sdk/**: - Verify SDK API changes remain compatible with generator inputs, profiler data flow, and documented examples.

  • Flag silent schema or field-name drift between SDK models and generator/module bridge code.

Files:

  • src/aiconfigurator/sdk/picking.py
🧠 Learnings (1)
📚 Learning: 2026-05-01T00:39:37.334Z
Learnt from: simone-chen
Repo: ai-dynamo/aiconfigurator PR: 956
File: src/aiconfigurator/sdk/perf_database.py:4144-4151
Timestamp: 2026-05-01T00:39:37.334Z
Learning: In src/aiconfigurator/sdk/**/*.py, preserve upstream metadata for PerformanceResult.source: since PerformanceResult defaults source to "silicon", callers should not force-set result.source (e.g., PerfDatabase._query_silicon_or_hybrid should rely on the default and keep any existing source information rather than overwriting it). Only set source explicitly when you truly intend to change it.

Applied to files:

  • src/aiconfigurator/sdk/picking.py
🔇 Additional comments (1)
src/aiconfigurator/sdk/picking.py (1)

73-90: 📐 Maintainability & Code Quality

No action needed.

Comment thread src/aiconfigurator/sdk/picking.py Outdated
Spycsh added 2 commits July 14, 2026 03:42
Signed-off-by: Spycsh <sihan.chen@intel.com>
Signed-off-by: Spycsh <sihan.chen@intel.com>
@Spycsh
Spycsh requested review from a team as code owners July 14, 2026 04:00

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/accuracy-regression-testing.yml:
- Around line 3-15: Update the pull_request trigger in the workflow’s on
configuration to prevent body or base-branch edits from rerunning the
regression; either restrict edited events to title changes using the appropriate
event filter or remove edited if title updates should not retrigger it, while
preserving the other intended pull request events.
- Around line 58-68: Harden the old-ref handling in the workflow by passing the
selected reference through the step’s env rather than interpolating it into the
generated shell script, then quote the shell variable when it is used by the git
worktree command. Update the OLD_REF selection and downstream worktree
invocation while preserving the pull_request base SHA and workflow_dispatch
fallback behavior.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4d2eba65-55ba-4849-a84d-248a1374bf87

📥 Commits

Reviewing files that changed from the base of the PR and between 46cfd81 and d31fe96.

📒 Files selected for processing (1)
  • .github/workflows/accuracy-regression-testing.yml
📜 Review details
⏰ Context from checks skipped due to timeout. (8)
  • GitHub Check: Collect snapshot (old)
  • GitHub Check: Collect snapshot (new)
  • GitHub Check: copyright-checks
  • GitHub Check: Build and Test (e2e)
  • GitHub Check: Build and Test (unit)
  • GitHub Check: Cargo Deny
  • GitHub Check: Rust/Python engine-step parity
  • GitHub Check: AIC Accuracy Regression Testing
🧰 Additional context used
📓 Path-based instructions (1)
.github/workflows/**

⚙️ CodeRabbit configuration file

.github/workflows/**: - Review workflow edits for least-privilege permissions, safe trigger scopes, secret exposure, fork behavior, and release/cherry-pick side effects.

  • Verify matrix jobs, artifact uploads, and scheduled support-matrix workflows still produce debuggable evidence.

Files:

  • .github/workflows/accuracy-regression-testing.yml
🔇 Additional comments (2)
.github/workflows/accuracy-regression-testing.yml (2)

129-142: 🗄️ Data Integrity & Integration

Align retention for the linked regression artifact.

The PR handoff stores artifact-url, but this primary upload uses the repository default retention while the handoff is retained for 30 days. Artifact URLs are only valid while the referenced artifact exists. (github.com) Verify the repository/org default is at least 30 days, or set it explicitly here:

         with:
           name: accuracy-regression-testing-results
+          retention-days: 30

As per path instructions: “Verify matrix jobs, artifact uploads, and scheduled support-matrix workflows still produce debuggable evidence.”

Source: Path instructions


161-182: LGTM!

Comment on lines +3 to +15
# Nightly tracked metric plus opt-in PR signal for perf changes. The PR gate is
# prediction-regression-gate.yml (docs/design/prediction_regression_gate_design.md
# §2.6/§5). The value of a scheduled run is the new-side prediction-vs-silicon
# MAPE in the uploaded artifacts; the old-vs-new comparison is only meaningful
# on manual dispatches with an explicit old-ref. Longer term this converges
# onto tools/accuracy_tracking/run_silicon.py and the two-venv machinery here
# retires.
# §2.6/§5); PR-time accuracy runs are limited to titles prefixed with "perf:".
# Longer term this converges onto tools/accuracy_tracking/run_silicon.py and the
# two-venv machinery here retires.

on:
pull_request:
types:
- opened
- edited
- synchronize
- reopened

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 Performance & Scalability | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the workflow around the mentioned lines and the surrounding job condition.
nl -ba .github/workflows/accuracy-regression-testing.yml | sed -n '1,140p'

Repository: ai-dynamo/aiconfigurator

Length of output: 202


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the workflow and the job condition around the referenced lines.
awk 'NR>=1 && NR<=160 { printf "%4d  %s\n", NR, $0 }' .github/workflows/accuracy-regression-testing.yml

Repository: ai-dynamo/aiconfigurator

Length of output: 7909


Avoid rerunning the regression on non-title PR edits

pull_request.edited also fires for body and base-branch changes, but this guard only checks the current title. Any edit on a perf: PR can kick off another long regression run. Restrict edited to title changes, or drop it if title updates should not retrigger the workflow.

Suggested change
-    if: github.event_name != 'pull_request' || startsWith(github.event.pull_request.title, 'perf:')
+    if: >-
+      github.event_name != 'pull_request' ||
+      (
+        startsWith(github.event.pull_request.title, 'perf:') &&
+        (
+          github.event.action != 'edited' ||
+          github.event.changes.title.from != null
+        )
+      )
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/accuracy-regression-testing.yml around lines 3 - 15,
Update the pull_request trigger in the workflow’s on configuration to prevent
body or base-branch edits from rerunning the regression; either restrict edited
events to title changes using the appropriate event filter or remove edited if
title updates should not retrigger it, while preserving the other intended pull
request events.

Source: Path instructions

Comment on lines +58 to +68
BASE_SHA: ${{ github.event.pull_request.base.sha }}
# Empty on schedule and pull_request events (inputs only exist for
# workflow_dispatch); fall back to main so nightly runs resolve a valid
# ref.
OLD_REF_INPUT: ${{ inputs.old-ref }}
run: |
OLD_REF="${OLD_REF_INPUT:-main}"
if [ "${{ github.event_name }}" = "pull_request" ]; then
OLD_REF="${BASE_SHA}"
else
OLD_REF="${OLD_REF_INPUT:-main}"
fi

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Map the workflow file and inspect relevant sections
git ls-files .github/workflows/accuracy-regression-testing.yml
wc -l .github/workflows/accuracy-regression-testing.yml
cat -n .github/workflows/accuracy-regression-testing.yml | sed -n '1,220p'

# Search for old-ref usage in the workflow
rg -n "old-ref|old_ref|OLD_REF|worktree add|GITHUB_OUTPUT" .github/workflows/accuracy-regression-testing.yml

Repository: ai-dynamo/aiconfigurator

Length of output: 10273


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the specific area around the reported lines and the worktree step
sed -n '50,90p' .github/workflows/accuracy-regression-testing.yml | cat -n

Repository: ai-dynamo/aiconfigurator

Length of output: 2285


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Show the downstream step that consumes the generated old_ref output, if present
rg -n -A4 -B4 "steps\.old-ref\.outputs\.old_ref|worktree add|old_ref" .github/workflows/accuracy-regression-testing.yml

Repository: ai-dynamo/aiconfigurator

Length of output: 1782


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Print only the relevant occurrences with surrounding context
rg -n -C 3 "old_ref|OLD_REF|old-ref|GITHUB_OUTPUT|worktree add" .github/workflows/accuracy-regression-testing.yml

Repository: ai-dynamo/aiconfigurator

Length of output: 2736


Prevent old-ref script injection.
steps.old-ref.outputs.old_ref is inserted directly into the git worktree command. Pass it through env and quote the shell variable at the sink so a crafted workflow_dispatch value can’t alter the generated runner script.

Suggested change
       - name: Create old revision worktree
+        env:
+          OLD_REF: ${{ steps.old-ref.outputs.old_ref }}
         run: |
-          git worktree add --detach ../aiconfigurator-old "${{ steps.old-ref.outputs.old_ref }}"
+          git worktree add --detach ../aiconfigurator-old "$OLD_REF"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/accuracy-regression-testing.yml around lines 58 - 68,
Harden the old-ref handling in the workflow by passing the selected reference
through the step’s env rather than interpolating it into the generated shell
script, then quote the shell variable when it is used by the git worktree
command. Update the OLD_REF selection and downstream worktree invocation while
preserving the pull_request base SHA and workflow_dispatch fallback behavior.

Source: Path instructions

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (3)
.github/workflows/accuracy-regression-comment.yml (3)

18-22: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Drop the apparently-unused pull-requests: write permission.

Only github.rest.issues.listComments/createComment/updateComment are used in this file — these are Issues-API endpoints requiring issues: write, not pull-requests: write. Unless another consumer of GITHUB_TOKEN in this job needs it, this scope should be dropped for least privilege.

🔒️ Proposed fix
 permissions:
   actions: read
   contents: write
   issues: write
-  pull-requests: write
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/accuracy-regression-comment.yml around lines 18 - 22,
Remove the unused pull-requests: write permission from the workflow permissions
block, keeping actions: read, contents: write, and issues: write unchanged.

Source: Path instructions


25-29: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Disable credential persistence on checkout; scope the token only where it's used.

The checkout step doesn't set persist-credentials: false, so the write-scoped GITHUB_TOKEN (contents:write, issues:write, pull-requests:write) is written to disk for the whole job. actions/checkout@v5 still stores the credential directly in the checked-out repo's .git/config — the safer $RUNNER_TEMP storage produces lower-severity findings when v6.0.0 or higher of actions/checkout is used, reflecting a change in v6.0.0's credential persistence behavior, which this workflow doesn't yet benefit from. This workflow doesn't upload the workspace as an artifact, but the token is also readable by any later step in this job — and this job later does need push access for the "Publish comparison plot" step, so scope it just-in-time instead of for the whole job.

🔒️ Proposed fix
 - name: Checkout default branch
   uses: actions/checkout@v5
   with:
     fetch-depth: 0
     lfs: true
+    persist-credentials: false

Then, right before the git push in "Publish comparison plot" (around line 124), inject the token just for that push:

git -C "${ARTIFACT_DIR}" remote set-url origin "https://x-access-token:${GH_TOKEN}`@github.com/`${GITHUB_REPOSITORY}.git"

with GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} added to that step's env: block.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/accuracy-regression-comment.yml around lines 25 - 29,
Update the checkout step using actions/checkout@v5 to set persist-credentials to
false. In the “Publish comparison plot” step, add GH_TOKEN from
secrets.GITHUB_TOKEN to the step environment and set the repository remote URL
immediately before git push using that token, so write credentials are available
only for the push.

Source: Linters/SAST tools


99-125: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

No retry on concurrent pushes to the shared artifacts branch.

git push origin "${ARTIFACT_BRANCH}" can fail with a non-fast-forward error if two workflow runs (e.g., from different PRs) publish plots around the same time — there's no fetch/rebase/retry loop. The step's continue-on-error: true prevents job failure, but the plot silently won't be published for the losing run. Consider a small retry loop (fetch + rebase + push, a few attempts) since each run writes to a unique pr-${PR_NUMBER}/run-${TRIGGERING_RUN_ID} path, so conflicts are purely at the git-ref level and safely resolvable.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/accuracy-regression-comment.yml around lines 99 - 125,
Update the artifact publication flow around the git push to handle concurrent
updates to ARTIFACT_BRANCH: add a bounded retry loop that fetches the branch,
rebases the local artifact worktree commit, and retries the push after
non-fast-forward failures. Preserve the unique ARTIFACT_PATH layout and existing
no-change behavior, and report failure only after all retry attempts are
exhausted.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/accuracy-regression-comment.yml:
- Around line 18-22: Remove the unused pull-requests: write permission from the
workflow permissions block, keeping actions: read, contents: write, and issues:
write unchanged.
- Around line 25-29: Update the checkout step using actions/checkout@v5 to set
persist-credentials to false. In the “Publish comparison plot” step, add
GH_TOKEN from secrets.GITHUB_TOKEN to the step environment and set the
repository remote URL immediately before git push using that token, so write
credentials are available only for the push.
- Around line 99-125: Update the artifact publication flow around the git push
to handle concurrent updates to ARTIFACT_BRANCH: add a bounded retry loop that
fetches the branch, rebases the local artifact worktree commit, and retries the
push after non-fast-forward failures. Preserve the unique ARTIFACT_PATH layout
and existing no-change behavior, and report failure only after all retry
attempts are exhausted.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1d430186-92a3-4e7e-bec7-9507868b8f26

📥 Commits

Reviewing files that changed from the base of the PR and between d31fe96 and 8bcf926.

📒 Files selected for processing (1)
  • .github/workflows/accuracy-regression-comment.yml
📜 Review details
⏰ Context from checks skipped due to timeout. (7)
  • GitHub Check: Collect snapshot (new)
  • GitHub Check: Collect snapshot (old)
  • GitHub Check: AIC Accuracy Regression Testing
  • GitHub Check: Cargo Deny
  • GitHub Check: Build and Test (unit)
  • GitHub Check: Build and Test (e2e)
  • GitHub Check: Rust/Python engine-step parity
🧰 Additional context used
📓 Path-based instructions (1)
.github/workflows/**

⚙️ CodeRabbit configuration file

.github/workflows/**: - Review workflow edits for least-privilege permissions, safe trigger scopes, secret exposure, fork behavior, and release/cherry-pick side effects.

  • Verify matrix jobs, artifact uploads, and scheduled support-matrix workflows still produce debuggable evidence.

Files:

  • .github/workflows/accuracy-regression-comment.yml
🪛 zizmor (1.26.1)
.github/workflows/accuracy-regression-comment.yml

[warning] 25-29: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 9-12: use of fundamentally insecure workflow trigger (dangerous-triggers): workflow_run is almost always used insecurely

(dangerous-triggers)


[info] 226-226: code injection via template expansion (template-injection): may expand into attacker-controllable code

(template-injection)

🔇 Additional comments (3)
.github/workflows/accuracy-regression-comment.yml (3)

9-16: 🔒 Security & Privacy

workflow_run mitigations look sound — worth a final sanity check.

zizmor's dangerous-triggers rule fires generically on any workflow_run, but this file already applies the standard mitigations: it checks out the default branch only (never the PR ref/code), and the job gates on github.event.workflow_run.event == 'pull_request'. Worth double-checking that the upstream "Accuracy Regression Testing" workflow (not shown here) never lets PR-controlled code influence pr-number.txt/artifact-url.txt beyond the trusted github.event.pull_request.number value already confirmed in its "Prepare PR comment inputs" step.

Sources: Path instructions, Linters/SAST tools


31-39: Solid defensive design overall.

Good use of steps.download.outcome/if: always() gating so a missing artifact degrades gracefully, the symlink check (lines 49-52) before trusting artifact contents, PNG magic-byte/size validation before publishing the plot, CSV cell-escaping (md_cell) to keep the markdown table well-formed, and comment-length capping consistent with the existing comment-charts.yml pattern.

Also applies to: 41-68, 70-129, 130-215, 217-257


59-65: 🔒 Security & Privacy

PR number is already trusted herepr-number.txt is written from github.event.pull_request.number in the triggering workflow, so the fallback stays numeric and doesn’t create a path or template-injection issue.

			> Likely an incorrect or invalid review comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant