You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(run #27553950928, rubric finding: 5th framework-failure run — consumed 2.605M ET before concluding with no follow-up build yet, defer to next run, the same skip reason reached by normal runs in one step at ~250K ET)
Pattern: 5 of 31 ci-scan runs (16%) have been high-ET failures: #27280572825, #27419354921, #27467511572, #27518931725, #27553950928 — all hitting the same Step-1 skip path after burning 2.4–2.6M ET on timeline fetches, log downloads, and Helix queries that serve no purpose once no scannable build exists.
Previous attempt to fix this (issue #7627, run #27523314204) failed to push; run #27553950928 occurred after that failed attempt, confirming the patch is still needed.
Add Hard Rule 10 after Rule 9: names the exact operations forbidden and gives the literal tally row so the agent never needs to compute it.
Update Step 1 trailing sentence from re-stating the skip names to "apply Hard Rule 10 immediately" — constraint stated once, authoritative.
Expected behavior change
On any run where Step 1 yields no follow-up build yet, defer to next run (or either other selection-time skip reason), the scanner will append the reason to the coverage file, print | 0 | 0 | 0 | 1 |, call noop, and stop — without fetching any AzDO timeline, Helix work item, or task log. This eliminates the 10× token variance (250K vs 2.6M ET) observed between low-ET (correct) and high-ET (incorrect) runs on identical pipeline state.
The patch file is available in the agent artifact in the workflow run linked above.
To create a pull request with the changes:
# Download the artifact from the workflow run
gh run download 27593405793 -n agent -D /tmp/agent-27593405793
# Create a new branch
git checkout -b fix/ci-scan-hard-rule-10-early-exit-e7d76dfcbaf79c13
# Apply the patch (--3way handles cross-repo patches where files may already exist)
git am --3way /tmp/agent-27593405793/aw-fix-ci-scan-hard-rule-10-early-exit.patch
# Push the branch to origin
git push origin fix/ci-scan-hard-rule-10-early-exit-e7d76dfcbaf79c13
# Create the pull request
gh pr create --title '[ci-scan-feedback] ci-scan: add Hard Rule 10 for early exit on no scannable build' --base main --head fix/ci-scan-hard-rule-10-early-exit-e7d76dfcbaf79c13 --repo dotnet/machinelearning
Show patch preview (54 of 54 lines)
From 601ceb9038f9698563dbd2b429c1fc196c9591d7 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Tue, 16 Jun 2026 04:11:47 +0000
Subject: [PATCH] ci-scan: add Hard Rule 10 to force early exit on no scannable
build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
5 of 31 ci-scan runs (16%) consumed 2.4–2.6M effective tokens before
concluding with the same skip reason ("no follow-up build yet, defer
to next run") that should have stopped the run immediately after Step 1.
The existing "and stop" sentence in Step 1 was insufficient as a hard
constraint; agents continued to fetch timelines and logs regardless.
Add Hard Rule 10 which elevates the no-scannable-build exit to the same
level as the issue-cap and label rules: append the skip reason, print
the tally row, call noop, and stop — without fetching any AzDO timeline,
downloading any log, querying any Helix work item, or calling any MCP
tool beyond noop.
Update Step 1 trailing sentence to reference Hard Rule 10 instead of
restating it, so the constraint is stated once and authoritative.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
.github/workflows/ci-scan.agent.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci-scan.agent.md b/.github/workflows/ci-scan.agent.md
index 0937c5f..1ee7136 100644
--- a/.github/workflows/ci-scan.agent.md+++ b/.github/workflows/ci-scan.agent.md@@ -78,6 +78,7 @@ These invariants are not delegated to the shared file. Honor them even if a shar
7. **All state under `/tmp/gh-aw/agent/`;** each bash call is a fresh subshell.
8. **AzDO REST is anonymous;** stay on `https://dev.azure.com/dnceng-public/public/_apis/build/...`. Follow every rule in [Environment constraints](shared/ci-scan.instructions.md#environment-constraints) (pre-bind URLs, `%24top`, no redirection).
9. **Sanitize every embedded log excerpt** per [Sanitiza
... (truncated)
Triggering signals
no follow-up build yet, defer to next run, the same skip reason reached by normal runs in one step at ~250K ET)#27280572825,#27419354921,#27467511572,#27518931725,#27553950928— all hitting the same Step-1 skip path after burning 2.4–2.6M ET on timeline fetches, log downloads, and Helix queries that serve no purpose once no scannable build exists.#27523314204) failed to push; run#27553950928occurred after that failed attempt, confirming the patch is still needed.Proposed edits
.github/workflows/ci-scan.agent.mdlines 80–92 (2 changes):Expected behavior change
On any run where Step 1 yields
no follow-up build yet, defer to next run(or either other selection-time skip reason), the scanner will append the reason to the coverage file, print| 0 | 0 | 0 | 1 |, callnoop, and stop — without fetching any AzDO timeline, Helix work item, or task log. This eliminates the 10× token variance (250K vs 2.6M ET) observed between low-ET (correct) and high-ET (incorrect) runs on identical pipeline state.Note
This was originally intended as a pull request, but the git push operation failed.
Workflow Run: View run details and download patch artifact
The patch file is available in the
agentartifact in the workflow run linked above.To create a pull request with the changes:
Show patch preview (54 of 54 lines)
From 601ceb9038f9698563dbd2b429c1fc196c9591d7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com> Date: Tue, 16 Jun 2026 04:11:47 +0000 Subject: [PATCH] ci-scan: add Hard Rule 10 to force early exit on no scannable build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 5 of 31 ci-scan runs (16%) consumed 2.4–2.6M effective tokens before concluding with the same skip reason ("no follow-up build yet, defer to next run") that should have stopped the run immediately after Step 1. The existing "and stop" sentence in Step 1 was insufficient as a hard constraint; agents continued to fetch timelines and logs regardless. Add Hard Rule 10 which elevates the no-scannable-build exit to the same level as the issue-cap and label rules: append the skip reason, print the tally row, call noop, and stop — without fetching any AzDO timeline, downloading any log, querying any Helix work item, or calling any MCP tool beyond noop. Update Step 1 trailing sentence to reference Hard Rule 10 instead of restating it, so the constraint is stated once and authoritative. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/ci-scan.agent.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-scan.agent.md b/.github/workflows/ci-scan.agent.md index 0937c5f..1ee7136 100644 --- a/.github/workflows/ci-scan.agent.md +++ b/.github/workflows/ci-scan.agent.md @@ -78,6 +78,7 @@ These invariants are not delegated to the shared file. Honor them even if a shar 7. **All state under `/tmp/gh-aw/agent/`;** each bash call is a fresh subshell. 8. **AzDO REST is anonymous;** stay on `https://dev.azure.com/dnceng-public/public/_apis/build/...`. Follow every rule in [Environment constraints](shared/ci-scan.instructions.md#environment-constraints) (pre-bind URLs, `%24top`, no redirection). 9. **Sanitize every embedded log excerpt** per [Sanitiza ... (truncated)