docs(M78): record moe_ffn_forward_layer_cuda_with_router GPU helper S… #195
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUSTFLAGS: "-D warnings" | |
| RUST_BACKTRACE: 1 | |
| RUST_MIN_STACK: 8388608 # 8 MiB — clap/serde-json deep recursion | |
| PROPTEST_CASES: 256 | |
| # Single, monolithic `gate` job. Branch protection on `main` requires this | |
| # check (see FALSIFY-CCPA-009). Failing any step fails the gate. | |
| jobs: | |
| gate: | |
| name: ci/gate | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain (stable + llvm-tools-preview) | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: llvm-tools-preview, rustfmt, clippy | |
| - name: Cache cargo | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| cache-on-failure: true | |
| # cargo-binstall fetches prebuilt binaries when crates publish them, | |
| # falls back to `cargo install` only when none exist. Drops cold-cache | |
| # tool install from ~30 min (compile from source) to ~30 s. | |
| - name: Install cargo-binstall | |
| uses: cargo-bins/cargo-binstall@main | |
| - name: Install pmat / pv / cargo-llvm-cov (binstall) | |
| run: | | |
| cargo binstall --no-confirm --locked cargo-llvm-cov | |
| cargo binstall --no-confirm --locked pmat || cargo install --locked pmat | |
| cargo binstall --no-confirm --locked aprender-contracts-cli || cargo install --locked aprender-contracts-cli | |
| # ── FALSIFY-CCPA-012 — pv contract gate ── | |
| # `pv validate` is the dogfooded gate per CLAUDE.md § "DOGFOOD pv, | |
| # NEVER bash". Bash workarounds are forbidden. | |
| - name: pv validate (FALSIFY-CCPA-012) | |
| run: pv validate contracts/claude-code-parity-apr-v1.yaml | |
| # ── M6 deliverable — pv lint sweep ── | |
| # Cross-contract gates: enforcement level, composition, etc. | |
| - name: pv lint (M6 deliverable) | |
| run: pv lint contracts/ | |
| # ── FALSIFY-CCPA-012 (b) — pin freshness ── | |
| # Bytes-only integrity check — NOT a re-implementation of pv. | |
| - name: pin-check (FALSIFY-CCPA-012) | |
| run: bash scripts/pin-check.sh contracts/pin.lock | |
| # ── FALSIFY-CCPA-012 (c) — companion ↔ aprender round-trip (M22) ── | |
| # Closes the M21 drift class: refuses companion-side contract bumps | |
| # whose bytes don't byte-match the aprender-side at the pinned | |
| # commit. Requires `contents:read` on paiml/aprender — the default | |
| # GITHUB_TOKEN is sufficient if aprender is in the same org or | |
| # public; otherwise the workflow needs an explicit token override. | |
| - name: pin-check-roundtrip (M22 — companion ↔ aprender drift guard) | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: bash scripts/pin-check-roundtrip.sh contracts/pin.lock | |
| # ── M22 step 4 — human-readable roll-up drift guard (M38) ── | |
| # Asserts spec header / status snapshot / README / CONTRIBUTING | |
| # M-counts all match the sub-milestones table tail, plus stated | |
| # gate count matches FALSIFY-CCPA-NNN row marker count. Codifies | |
| # the drift class M22 step 4 added on 2026-05-01 ("These are NOT | |
| # mechanically guarded by pin-check; a kaizen sweep is the | |
| # backstop"). M37 alone produced 6 drift-fix commits this catches. | |
| - name: check-doc-drift (M22 step 4 — kaizen backstop) | |
| run: bash scripts/check-doc-drift.sh | |
| # ── M46 — meta-test for the drift detector itself ── | |
| # Verifies every drift class in check-doc-drift.sh is correctly | |
| # caught by deliberately corrupting each, asserting the detector | |
| # exits 1 with the expected message, then restoring. Catches the | |
| # silent-regression class where a refactor breaks an assert. | |
| - name: test-doc-drift (M46 — drift-detector self-test) | |
| run: bash scripts/test-doc-drift.sh | |
| # ── Build + lint ── | |
| - name: cargo fmt --check | |
| run: cargo fmt --all -- --check | |
| - name: cargo clippy --all-targets | |
| run: cargo clippy --workspace --all-targets --all-features -- -D warnings | |
| - name: cargo build | |
| run: cargo build --workspace --all-features | |
| - name: cargo test | |
| run: cargo test --workspace --all-features | |
| # ── FALSIFY-CCPA-011 — coverage gate ── | |
| # cargo-tarpaulin is forbidden per CLAUDE.md § "Prohibited Tools". | |
| # Contract v0.4.0: 100% function coverage AND >=99% line coverage | |
| # (the <=1% line gap is an llvm-cov reporting artifact for generic | |
| # monomorphizations — see contract FALSIFY-CCPA-011 rationale). | |
| - name: function + line coverage gate (FALSIFY-CCPA-011) | |
| run: | | |
| cargo llvm-cov --workspace --all-features \ | |
| --fail-under-functions 100 \ | |
| --fail-under-lines 99 | |
| # ── FALSIFY-CCPA-013 runtime evidence — bidirectional sensitivity test ── | |
| # Canonical corpus MUST pass; regression corpus MUST fail. | |
| # If regression somehow passes the meter is broken (false negatives). | |
| - name: install ccpa CLI (binary needed for next steps) | |
| run: cargo install --path crates/ccpa-cli --locked | |
| - name: canonical corpus PASSES (FALSIFY-CCPA-013 runtime evidence) | |
| run: ccpa corpus fixtures/canonical/ | |
| - name: regression corpus FAILS (meter sensitivity bidirectional) | |
| run: | | |
| set +e | |
| ccpa corpus fixtures/regression/ | |
| code=$? | |
| set -e | |
| if [ "$code" -eq 0 ]; then | |
| echo "ERROR: regression corpus passed — meter NOT detecting drift!" | |
| exit 1 | |
| fi | |
| echo "OK: regression corpus correctly exited $code (drift detected)" | |
| # ── FALSIFY-CCPA-007 — corpus_coverage HARD-BLOCKING (M16) ── | |
| # Reachable rows = SHIPPED+PARTIAL apr-code-parity-v1 rows MINUS | |
| # the contract-declared OOS list. As of M15 contract v1.3.0, | |
| # OOS at trace boundary = {keyboard-shortcuts, status-line}. | |
| # See contract status_history M15 § remaining_uncovered_classification. | |
| # CI requires we sync the parity-matrix yaml from a known | |
| # aprender commit; a fork checkout would diverge. | |
| - name: checkout aprender for canonical apr-code-parity-v1.yaml | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: paiml/aprender | |
| ref: main | |
| path: aprender-upstream | |
| sparse-checkout: | | |
| contracts/apr-code-parity-v1.yaml | |
| - name: corpus_coverage hard-blocking gate (FALSIFY-CCPA-007) | |
| run: | | |
| ccpa coverage \ | |
| --apr-code-parity-yaml aprender-upstream/contracts/apr-code-parity-v1.yaml \ | |
| --fixtures-dir fixtures/canonical/ \ | |
| --oos-rows keyboard-shortcuts,status-line | |
| # ── FALSIFY-CCPA-010 — pmat comply (is_compliant=true, no Fail-status checks) ── | |
| # `--strict` exits 2 on ANY Warn-status check (incl. advisory ones like | |
| # "Bronze reproducibility" or "missing memory profiler"). The contract's | |
| # gate is `is_compliant=true` — i.e. zero Fail-status checks. Warnings | |
| # are advisory and tracked separately in the contract's status_history. | |
| - name: pmat comply check (FALSIFY-CCPA-010) | |
| run: | | |
| pmat comply check --format json > comply.json | |
| jq -e '.is_compliant == true and ([.checks[] | select(.status == "Fail")] | length == 0)' comply.json | |
| warns=$(jq '[.checks[] | select(.status == "Warn")] | length' comply.json) | |
| echo "is_compliant=true, 0 Fails, ${warns} advisory Warns (tracked, not gating)" | |
| # ── FALSIFY-CCPA-009 ── | |
| # Enforced by GitHub branch protection, NOT by this job. After this | |
| # job lands on main once, follow scripts/install-branch-protection.sh | |
| # to require `ci/gate` as a status check on main. | |
| - name: Note FALSIFY-CCPA-009 | |
| run: | | |
| echo "FALSIFY-CCPA-009 (ci_main_branch_green) is asserted by" | |
| echo "GitHub branch protection — see scripts/install-branch-protection.sh" |