Claude finished @carlos-alm's task —— View job

Reviewing PR: ci: run pre-publish benchmark gate on every PR

Todo List:

• Read and analyze the changed workflow file
• Phase 1: Root cause analysis
• Phase 2: Configuration change detection
• Phase 3: Test integrity assessment
• Phase 4: Code quality review
• Phase 5: Backlog compliance evaluation
• Provide final assessment and rating

Root Cause Analysis

Problem Being Solved: Performance regressions were only being caught at release time via the pre-publish benchmark gate in publish.yml, allowing regressions to land on main and only surface during the next release cycle when they're expensive to fix.

Why This Approach: Moving the gate to run on every PR means regressions are caught immediately when introduced, while the diagnostic context is still fresh and the fix is cheap. The recent diagnostics improvements (#1067, #1066) make the gate logs genuinely useful for debugging.

Risk Assessment: This is a defensive change that adds quality gates without removing existing safeguards. The approach mirrors the existing proven gate from publish.yml with minimal modifications.

Backlog Compliance

• Zero-dep: ✓ — No new runtime dependencies added, builds on existing benchmark infrastructure
• Foundation-aligned: ✓ — Aligns with P1 (always-current) by preventing regressions from reaching main, supports P5 (embeddable-first) by ensuring API stability
• Problem-fit: 4 — Directly improves development workflow by catching performance regressions before they affect users/agents
• Breaking: No — Purely additive CI enhancement, no changes to user-facing APIs or behavior
• Tier: 1

Critical Concerns

None identified. This is a well-executed defensive improvement.

Strengths:

1. Smart artifact reuse (lines 339-343): Reuses native-host-ubuntu-latest from existing CI matrix instead of building a separate artifact, avoiding duplication
2. Proper parallelization (line 310, 444): Depends only on native-host-build, runs parallel with other checks, doesn't extend critical path
3. Rolling version strategy (line 374): Uses --version dev as a rolling entry that replaces previous dev runs, compared against latest stable baseline
4. Debuggable failures (lines 431-440): if: always() ensures JSON artifacts are uploaded even on failure, making regressions debuggable without local reproduction
5. Preserved diagnostics (line 316): Maintains CODEGRAPH_FAST_SKIP_DIAG=1 for the incremental rebuild regression investigation
6. Identical test coverage: All four benchmark suites (build/resolution/query/incremental) plus threshold gates and tracer validation preserved from publish.yml

Technical Implementation Quality:

• Clean duplication strategy: Rather than complex abstraction, cleanly duplicates the proven logic with targeted modifications (version label, artifact source)
• Consistent with existing patterns: Uses same timeout values, shell scripting patterns, and error handling as other CI jobs
• Proper gate integration: Correctly wired into ci-pipeline needs array (line 444) so regressions fail the PR

Minor Considerations:

• Resource usage: This adds ~5-10 minutes of compute time per PR, but given the value of catching regressions early, this is well-justified overhead
• No history upload: Correctly omits the history file artifact upload since that's only needed for the post-publish recording job

Final Recommendation

• Rating: ⭐⭐⭐⭐☆ (4/5)
• Action: APPROVE
• Reasoning: This is a high-quality defensive improvement that addresses a real pain point (late regression detection) with a proven, well-implemented solution. The approach is technically sound, preserves all safeguards, and follows existing patterns. The only reason it's not 5 stars is that it's "just" moving existing functionality rather than innovative new capability—but that's actually a strength for this type of quality gate.

Greptile Summary

This PR ports the pre-publish-benchmark job from publish.yml into ci.yml, so the regression gate runs on every PR rather than only at release time. It also fixes two pre-existing silent failures in regression-guard.test.ts: the dev build was being excluded from the import-resolution sub-benchmark, and the version-gap check prevented dev from ever being selected as the latest candidate in findLatestPair.

• CI job added: pre-publish-benchmark runs in parallel with lint/test/typecheck on PRs, downloads the native-host-ubuntu-latest artifact, tags results as --version dev, and gates the PR via ci-pipeline's needs array; the job is skipped on push-to-main to avoid duplicating minutes.
• findLatestPair fix: adds an isDevLatest flag that bypasses the effectiveGap check so dev is always compared against the most recent non-skipped release, not silently dropped.
• Import-resolution fix: replaces the hard e.version !== 'dev' filter with findLatestPair, and propagates baselineVersion to assertNoRegressions (and the precision/recall loops) so KNOWN_REGRESSIONS entries are correctly matched even when latest.version === 'dev'.

Confidence Score: 5/5

Safe to merge — the benchmark job is correctly gated to PR events only, all regression-guard logic paths now include dev builds, and the ci-pipeline check handles the conditionally-skipped job without false failures on push events.

Both previously identified silent failures in the regression guard are addressed: dev can now be selected as the latest candidate in findLatestPair, and the import-resolution section uses the same findLatestPair path as all other sub-benchmarks. The workflow wiring and skip semantics on non-PR events are correct.

No files require special attention.

Important Files Changed

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A([PR opened / push event]) --> B{event_name?}
    B -- pull_request --> C[native-host-build]
    B -- push to main --> D[lint / test / typecheck\naudit / verify-imports\nrust-check / parity]

    C --> E[pre-publish-benchmark\nif: pull_request]
    C --> D

    E --> E1[Download native-host-ubuntu-latest]
    E1 --> E2[npm install + build TS]
    E2 --> E3[Run build benchmark\n→ benchmark-result.json]
    E3 --> E4[Run resolution benchmark\n→ resolution-result.json]
    E4 --> E5[Gate on resolution thresholds\nvitest verbose]
    E5 --> E6[Run tracer validation]
    E6 --> E7[Merge resolution into build result]
    E7 --> E8[Run query benchmark]
    E8 --> E9[Run incremental benchmark]
    E9 --> E10[Update build / query / incremental reports]
    E10 --> E11[Regression guard\nRUN_REGRESSION_GUARD=1]
    E11 --> E12[Upload JSON artifacts\nif: always]

    D --> F[ci-pipeline\nif: always]
    E12 --> F
    B -- push to main\nskips benchmark --> F

    F --> G{any failure\nor cancelled?}
    G -- yes --> H([❌ PR blocked])
    G -- no --> I([✅ PR gates pass])

_{Reviews (13): Last reviewed commit: "Merge branch 'main' into ci/regression-g..." | Re-trigger Greptile}

Addressed Greptile review feedback in 9aca6db and fda3c4f:

• Event filter (if: github.event_name == 'pull_request') — added to scope the gate to PRs only, mirroring publish.yml's if: github.event_name != 'push' skip. Push-to-main no longer re-runs the full benchmark suite on the merge commit (the merging PR already gated on the same diff).
• Per-step timeout-minutes — added 20-minute timeouts to the four benchmark execution steps (build / resolution / query / incremental) so a hung script can't hold the runner for the GitHub default 6 hours.

Also fixed the failing CI:

• The pre-publish-benchmark job was tripping the regression guard on incremental Full build (3.9.6 vs 3.9.4), but the underlying regression is the same perf: WASM full-build regression in 3.9.6 (7.6s -> 14.0s, ~85% slower) #1036 / perf: 3.9.6 broad build regression — native +81% build, +60% query; both engines impacted #1037 root cause already documented in KNOWN_REGRESSIONS for Build ms/file and No-op rebuild. PR perf(wasm): scope ensureWasmTrees re-parse to files that need it #1038 added those two labels but missed the Full build label that surfaces in INCREMENTAL-BENCHMARKS — added it (fda3c4f) so the gate stops blocking on a regression that's already fixed and waiting to clear with v3.9.7+ data.

Addressed Greptile's outstanding concern about effectiveGap("dev", anyRelease) returning Infinity in dbd48ae:

The bug was real — parseSemver("dev") returns null, so effectiveGap("dev", anyRelease) always exceeded MAX_VERSION_GAP, causing findLatestPair to silently fall through to compare the two most recent real releases instead of dev vs the latest release. That defeated the entire purpose of running the regression guard on every PR.

Fix: in findLatestPair, when latestVersion === 'dev', bypass the version-gap check. Dev is always the current PR build, so the most recent comparable release is the correct baseline regardless of feature-expansion distance. Real releases still respect MAX_VERSION_GAP to avoid stale baselines. All 17 regression-guard tests pass.

@greptileai

Pushed two follow-up commits to fix the failing CI on this PR's own gate:

• 3cf32b1 - fix(bench): look up KNOWN_REGRESSIONS by baseline version when latest is dev. The exemption keys are anchored to the release where the regression was first observed (e.g. 3.9.6:No-op rebuild); when the per-PR gate runs dev as latest, lookups using dev:Foo never matched, so every documented regression resurfaced. Added a baseline-version fallback so a single 3.9.6:Foo entry now covers both 3.9.6 vs 3.9.5 (release-time) and dev vs 3.9.6 (per-PR) until the next release clears the regression.
• 46492cf - test(bench): mark 3.9.6 1-file rebuild as known regression. After the fallback fix, only 1-file rebuild remained failing (78 → 116ms / 54 → 81ms). Root cause is fix(native): persist file_hashes for dropped/symbol-less files #1069's unconditional backfill on every incremental, fix tracked in perf(native): skip backfill on clean incrementals #1082; added the entry with the same documentation pattern as the other 3.9.6:* exemptions.

Pre-publish benchmark gate is now passing.

Addressed Greptile's outstanding concern from the May 6 review summary about the import-resolution sub-benchmark in f5f8372:

tests/benchmarks/regression-guard.test.ts — the resolveEntries filter at line 572 excludes dev entries, leaving the import-resolution sub-benchmark without PR-level coverage.

Fix: switched the resolve sub-benchmark from the dev-excluding resolveEntries filter to findLatestPair (which already pairs dev against the most recent comparable release for the engine sub-benchmarks). nativeBatchMs / jsFallbackMs regressions introduced by a PR are now caught by the same gate as build / query / incremental.

Also resolved the merge conflict with main (9194394). The conflict was in regression-guard.test.ts — main's NOISY_METRICS / thresholdFor additions co-exist cleanly with this PR's isDevLatest bypass and baselineVersion fallback. Pruned the stale 3.9.6:Full build / 3.9.6:1-file rebuild entries since main's 3.10.0:* entries now cover those metrics for dev comparisons.

@greptileai