================================================================================
VIOLATION REPORT FOR TASK 9_withhs_drift_alert_1_412225437_new
================================================================================

Total Violations: 2
================================================================================


================================================================================
VIOLATION #1
================================================================================

Step Index: 2
Assertion Name: kusto_invocation_requires_predefined_query_and_correct_cluster
Invariant Type: CAPABILITY
Check Type: python_check
Severity: medium

Check Hint:
----------------------------------------
When KustoAgent runs a query, it must be a predefined query present in the plan or prior Orchestrator instruction, and the query must be tailored to the incident's cluster (no placeholders like TODO/TBD/<CLUSTER>). Verify that a kusto code block exists earlier and that the current query's clusterName matches the cluster parsed from the incident description.
----------------------------------------

Evidence:
----------------------------------------
Current Event:
  Role: KustoAgent
  Content:
    **Kusto Query:**
    let driftedSettingName = 'VncEndpointCandidates';
    cluster('azurecm').database('AzureCM').NetworkServiceManagerEvents
    | where PreciseTimeStamp > ago(6h)
    | where TaskName == 'ChangedSetting' and Message has driftedSettingName
    | parse Message with 'name="' SettingName '" value="' SettingValue '" buildVersion="' BuildVersion '"'
    | project nsmTime = PreciseTimeStamp, SettingName, ActualValue = SettingValue, BuildVersion, Tenant, Region
    | summarize arg_max(nsmTime, *) by Region, Tenant, SettingName
    | extend _key = tolower(Tenant)
    | join kind = leftouter (
        cluster('aznwsdn').database('aznwmds').NSMGoalState
        | where DataIngestionTime > ago(1d)
        | where not(InFlight)
        | where SettingName =~ driftedSettingName
        | summarize arg_max(DataIngestionTime, *) by ClusterName
        | project ClusterName, SettingName, ExpectedValue = SettingValue, _key = tolower(ClusterName)
    ) on _key
    | where ClusterName != ""
    | where ActualValue !~ ExpectedValue
    | project Region, ClusterName, ExpectedValue
    
     semantic_query_matcher: True 
    
    stub match:False 
    
    **Kusto result:**
    Error running Kusto Query:
    Failed to process network request for the endpoint: https://.kusto.windows.net/v1/rest/auth/metadata

Matched Substeps:
  Sub-index: 5
  Role: KustoAgent
----------------------------------------

Taxonomy Targets:
  - InvalidInvocation
  - Instruction/PlanAdherenceFailure
  - IntentPlanMisalignment

================================================================================
VIOLATION #2
================================================================================

Step Index: 2
Assertion Name: kusto_failure_requires_followup_delegation
Invariant Type: TEMPORAL
Check Type: python_check
Severity: medium

Check Hint:
----------------------------------------
If the KustoAgent reports an error executing the query, the Orchestrator must perform a follow-up actionable delegation (e.g., Orchestrator (-> user) with explicit instructions) before terminating. Detect an error message in the KustoAgent content, then scan subsequent substeps in the current and next step for an explicit Orchestrator delegation to the user. If termination occurs without any such delegation, the invariant fails.
----------------------------------------

Evidence:
----------------------------------------
Current Event:
  Role: KustoAgent
  Content:
    **Kusto Query:**
    let driftedSettingName = 'VncEndpointCandidates';
    cluster('azurecm').database('AzureCM').NetworkServiceManagerEvents
    | where PreciseTimeStamp > ago(6h)
    | where TaskName == 'ChangedSetting' and Message has driftedSettingName
    | parse Message with 'name="' SettingName '" value="' SettingValue '" buildVersion="' BuildVersion '"'
    | project nsmTime = PreciseTimeStamp, SettingName, ActualValue = SettingValue, BuildVersion, Tenant, Region
    | summarize arg_max(nsmTime, *) by Region, Tenant, SettingName
    | extend _key = tolower(Tenant)
    | join kind = leftouter (
        cluster('aznwsdn').database('aznwmds').NSMGoalState
        | where DataIngestionTime > ago(1d)
        | where not(InFlight)
        | where SettingName =~ driftedSettingName
        | summarize arg_max(DataIngestionTime, *) by ClusterName
        | project ClusterName, SettingName, ExpectedValue = SettingValue, _key = tolower(ClusterName)
    ) on _key
    | where ClusterName != ""
    | where ActualValue !~ ExpectedValue
    | project Region, ClusterName, ExpectedValue
    
     semantic_query_matcher: True 
    
    stub match:False 
    
    **Kusto result:**
    Error running Kusto Query:
    Failed to process network request for the endpoint: https://.kusto.windows.net/v1/rest/auth/metadata

Matched Substeps:
  Sub-index: 5
  Role: KustoAgent
----------------------------------------

Taxonomy Targets:
  - SystemFailure
  - Instruction/PlanAdherenceFailure

================================================================================
END OF VIOLATION REPORT
================================================================================