level: technical
pytorch now has a cross-repository ci relay that connects upstream pull requests to downstream repositories. when a pr is opened or a commit is pushed to pytorch/pytorch, the relay dispatches events to registered backends like intel xpu, amd rocm, and apple mps. those backends run their own ci workflows and report results back through an authenticated callback. the results appear on the pytorch ci hud within seconds, giving maintainers a unified view of both in-tree and out-of-tree ci health.
the relay uses a tiered allowlist with four levels. level 1 only sends dispatches. level 2 adds hud reporting. level 3 adds a non-blocking check run on the upstream pr. level 4 adds a blocking check run for critical projects. downstream repos need only a simple workflow file and a composite action to report status. the action handles oidc token minting and payload delivery, so repos do not manage secrets or callback urls.
security is enforced through five stages. oidc tokens cryptographically prove the calling repository. an allowlist authorizes which repos can report. rate limiting prevents flooding. a state machine ensures no duplicate or out-of-order callbacks. data is split into trusted and untrusted blocks, so the hud relies on relay-generated fields for attribution. the system also computes queue time and execution time metrics, displayed on the dashboard for infrastructure teams.
why it matters: it closes a coordination gap by letting pytorch maintainers see downstream breakage before merging, without requiring custom integrations from backend teams.