repo clean up#913
Conversation
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📝 WalkthroughWalkthroughThis PR removes extensive documentation, examples, specifications, and automation workflows while refactoring the broker's snippets module from markdown protocol-snippet installation to Relaycast MCP configuration generation. The README is updated with new marketing content and links to hosted documentation. ChangesDocumentation, examples, and MCP infrastructure overhaul
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 3❌ Failed checks (2 warnings, 1 inconclusive)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| # Agent Relay | ||
|
|
||
| Real-time agent-to-agent messaging via MCP tools. | ||
|
|
||
| ## MCP Tools |
There was a problem hiding this comment.
🔴 Deleted relay-snippets files are still include_str!'d by the Rust broker, breaking the build
The PR deletes relay-snippets/agent-relay-snippet.md, but crates/broker/src/snippets.rs:19 still embeds this file at compile time via const SNIPPET_BODY: &str = include_str!("../../../relay-snippets/agent-relay-snippet.md");. This will cause the Rust broker build to fail because include_str! resolves at compile time. Additionally, prpm.json:88,102,129 references all three deleted relay-snippets/*.md files as published snippet content, so the package registry configuration is also broken.
Prompt for agents
The file relay-snippets/agent-relay-snippet.md was deleted, but it is still referenced by:
1. crates/broker/src/snippets.rs line 19: include_str!("../../../relay-snippets/agent-relay-snippet.md") — this is a compile-time embed that will fail the Rust build.
2. prpm.json lines 88, 102, 129: references all three relay-snippets files as published snippet content.
Either restore the relay-snippets/ directory, or update crates/broker/src/snippets.rs to inline the snippet content (or point to a new location), and update prpm.json to remove or redirect the snippet file references.
Was this helpful? React with 👍 or 👎 to provide feedback.
|
|
||
| The Agent Relay SDK has two modes: | ||
|
|
There was a problem hiding this comment.
🟡 README.md contains multiple broken links to files deleted by this PR
The PR deletes docs/introduction.md, docs/cli-on-the-relay.md, docs/plugin-claude-code.md, examples/README.md, and ARCHITECTURE.md, but README.md still links to all of them at lines 85–87, 122, and 157. Every visitor to the GitHub repository will encounter dead links in the project's main documentation entry point.
Affected README.md lines
- Line 85:
[Introduction](./docs/introduction.md) - Line 86:
[CLI on the Relay](./docs/cli-on-the-relay.md) - Line 87:
[Examples](./examples/README.md) - Line 122:
[docs/plugin-claude-code.md](./docs/plugin-claude-code.md) - Line 157:
[ARCHITECTURE.md](./ARCHITECTURE.md)
Prompt for agents
README.md has 5 links that now point to deleted files. Update README.md to either: (a) point the docs links to the live documentation site or to the web/content/docs/*.mdx equivalents, (b) remove the links to deleted examples and architecture docs, or (c) restore a minimal set of these files. The affected README.md lines are 85-87, 122, and 157.
Was this helpful? React with 👍 or 👎 to provide feedback.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (3)
crates/broker/src/snippets.rs (3)
2750-2757:⚠️ Potential issue | 🟠 Major | ⚡ Quick winSerialize this env-mutating test.
std::env::set_var/remove_varmodify process-global state, and Rust tests run in parallel by default. Another test can observe or clearRELAY_WORKSPACES_JSON, which makes this case flaky in CI. Guard it with a test mutex / serial annotation, or use a scoped env helper that synchronizes access.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@crates/broker/src/snippets.rs` around lines 2750 - 2757, The test configure_relaycast_mcp_public_reads_env_fallback mutates process-global env vars via std::env::set_var/remove_var and is therefore flaky when Rust tests run in parallel; modify this test to serialize access to environment mutation by either (a) guarding the test with a global test mutex or applying a serializing test attribute (e.g., using the serial_test or similar crate) or (b) replacing the raw set_var/remove_var with a scoped env helper (e.g., a TempEnv or scoped_env utility) that acquires a lock and restores the previous value on drop; update the configure_relaycast_mcp_public_reads_env_fallback test to use that mechanism so RELAY_WORKSPACES_JSON is changed only while the test holds the lock and is reliably restored afterwards.
354-483:⚠️ Potential issue | 🟠 Major | 🏗️ Heavy liftAvoid persisting relay credentials in workspace config files.
ensure_opencode_configandensure_cursor_mcp_configwriteRELAY_API_KEY/RELAY_AGENT_TOKENinto files under the project root. That creates an easy secret-leak path through accidental commits or shared workspace archives. Please move secret-bearing config to a user-local location, or guarantee these files are ignored before auto-writing them.Also applies to: 495-572
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@crates/broker/src/snippets.rs` around lines 354 - 483, ensure_opencode_config (and ensure_cursor_mcp_config) currently injects secret values (RELAY_API_KEY, RELAY_AGENT_TOKEN) into the project-root OPENCODE_CONFIG file via the env Map, which can leak secrets; change the logic so secrets are not persisted in the project file: either (A) remove insertion of RELAY_API_KEY / RELAY_AGENT_TOKEN from the env Map before writing and instead store those keys in a user-local, non-repo location (e.g., per-user config directory or OS keyring) referenced by a separate user-only config file, or (B) write only placeholders/flags into OPENCODE_CONFIG and write the real secret values to a user-local file (or use environment-only runtime injection) and ensure that the project OPENCODE_CONFIG never contains secret strings; update ensure_opencode_config and ensure_cursor_mcp_config to implement the chosen approach and adjust the code paths that set RELAY_API_KEY / RELAY_AGENT_TOKEN (the env.insert calls) and any write_pretty_json calls so secrets are never written under OPENCODE_CONFIG in the project root.
669-734:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winEscape all Codex TOML string interpolations, not just the workspace fields.
api_key,base_url,agent_name, andagent_tokenare interpolated unescaped into TOML basic strings, whileRELAY_WORKSPACES_JSONandRELAY_DEFAULT_WORKSPACEare properly escaped. Any of the unescaped fields containing a backslash or double-quote will produce invalid TOML and break the Codex spawn.Suggested fix
+fn escape_toml_basic_string(value: &str) -> String { + value.replace('\\', "\\\\").replace('"', "\\\"") +} ... if let Some(key) = api_key { args.extend([ "--config".to_string(), - format!("mcp_servers.relaycast.env.RELAY_API_KEY=\"{key}\""), + format!( + "mcp_servers.relaycast.env.RELAY_API_KEY=\"{}\"", + escape_toml_basic_string(key) + ), ]); } if let Some(url) = base_url { args.extend([ "--config".to_string(), - format!("mcp_servers.relaycast.env.RELAY_BASE_URL=\"{url}\""), + format!( + "mcp_servers.relaycast.env.RELAY_BASE_URL=\"{}\"", + escape_toml_basic_string(url) + ), ]); } args.extend([ "--config".to_string(), - format!("mcp_servers.relaycast.env.RELAY_AGENT_NAME=\"{agent_name}\""), + format!( + "mcp_servers.relaycast.env.RELAY_AGENT_NAME=\"{}\"", + escape_toml_basic_string(agent_name) + ), ]); ... if let Some(token) = agent_token.map(str::trim).filter(|s| !s.is_empty()) { args.extend([ "--config".to_string(), - format!("mcp_servers.relaycast.env.RELAY_AGENT_TOKEN=\"{token}\""), + format!( + "mcp_servers.relaycast.env.RELAY_AGENT_TOKEN=\"{}\"", + escape_toml_basic_string(token) + ), ]); ... } ... - let escaped = wj.replace('\\', "\\\\").replace('"', "\\\""); + let escaped = escape_toml_basic_string(wj);🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@crates/broker/src/snippets.rs` around lines 669 - 734, The code injects api_key, base_url, agent_name and agent_token directly into TOML basic-strings (e.g. in the format! calls that produce mcp_servers.relaycast.env.RELAY_API_KEY/RELAY_BASE_URL/RELAY_AGENT_NAME/RELAY_AGENT_TOKEN), which can produce invalid TOML if those values contain backslashes or quotes; update each place that formats those env values to first escape backslashes and double-quotes like the existing workspaces/default_workspace handling (let escaped = value.replace('\\', "\\\\").replace('"', "\\\"")) and then use the escaped variable in the format! call (apply the same trimming/filtering already used for agent_token and base_url/api_key/agent_name Option handling).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@crates/broker/src/snippets.rs`:
- Around line 2750-2757: The test
configure_relaycast_mcp_public_reads_env_fallback mutates process-global env
vars via std::env::set_var/remove_var and is therefore flaky when Rust tests run
in parallel; modify this test to serialize access to environment mutation by
either (a) guarding the test with a global test mutex or applying a serializing
test attribute (e.g., using the serial_test or similar crate) or (b) replacing
the raw set_var/remove_var with a scoped env helper (e.g., a TempEnv or
scoped_env utility) that acquires a lock and restores the previous value on
drop; update the configure_relaycast_mcp_public_reads_env_fallback test to use
that mechanism so RELAY_WORKSPACES_JSON is changed only while the test holds the
lock and is reliably restored afterwards.
- Around line 354-483: ensure_opencode_config (and ensure_cursor_mcp_config)
currently injects secret values (RELAY_API_KEY, RELAY_AGENT_TOKEN) into the
project-root OPENCODE_CONFIG file via the env Map, which can leak secrets;
change the logic so secrets are not persisted in the project file: either (A)
remove insertion of RELAY_API_KEY / RELAY_AGENT_TOKEN from the env Map before
writing and instead store those keys in a user-local, non-repo location (e.g.,
per-user config directory or OS keyring) referenced by a separate user-only
config file, or (B) write only placeholders/flags into OPENCODE_CONFIG and write
the real secret values to a user-local file (or use environment-only runtime
injection) and ensure that the project OPENCODE_CONFIG never contains secret
strings; update ensure_opencode_config and ensure_cursor_mcp_config to implement
the chosen approach and adjust the code paths that set RELAY_API_KEY /
RELAY_AGENT_TOKEN (the env.insert calls) and any write_pretty_json calls so
secrets are never written under OPENCODE_CONFIG in the project root.
- Around line 669-734: The code injects api_key, base_url, agent_name and
agent_token directly into TOML basic-strings (e.g. in the format! calls that
produce
mcp_servers.relaycast.env.RELAY_API_KEY/RELAY_BASE_URL/RELAY_AGENT_NAME/RELAY_AGENT_TOKEN),
which can produce invalid TOML if those values contain backslashes or quotes;
update each place that formats those env values to first escape backslashes and
double-quotes like the existing workspaces/default_workspace handling (let
escaped = value.replace('\\', "\\\\").replace('"', "\\\"")) and then use the
escaped variable in the format! call (apply the same trimming/filtering already
used for agent_token and base_url/api_key/agent_name Option handling).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 332ae3a6-50d5-4a0b-a336-4d160527ba58
📒 Files selected for processing (2)
crates/broker/src/snippets.rspackage.json
💤 Files with no reviewable changes (1)
- package.json
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@README.md`:
- Line 29: Update the user-facing sentence in README.md by hyphenating "cross
collaboration" to "cross-collaboration" (locate the phrase "could spawn their
own subagents. This allows for powerful AI cross collaboration so you can get
the best harnesses + models working" and replace the two-word phrase with the
hyphenated form) to improve readability.
- Around line 44-59: The three fenced code blocks in the README (the install
curl snippet, the npx skills install line, and the usage example) lack language
identifiers; update each opening triple-fence to include "bash" (i.e., replace
``` with ```bash) so the blocks explicitly declare the shell language for lint
MD040 and correct rendering in README.md.
- Line 45: Replace the mutable "main" branch in the install curl command in
README.md with a pinned, immutable release tag (e.g., use a specific release
like "vX.Y.Z" in the URL for the curl -fsSL ... | bash pipeline) and optionally
add guidance to verify a checksum or use a signed release; update the example
command and surrounding text to show using a versioned URL (and mention
checksum/signature verification) instead of the raw "main" URL.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
| ``` | ||
| curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash | ||
|
|
||
| ``` | ||
|
|
||
| 2. Install the skill | ||
|
|
||
| ``` | ||
| npx skills add https://github.com/agentworkforce/skills --skill orchestrating-agent-relay | ||
| ``` | ||
|
|
||
| 3. Tell your agent to use it | ||
|
|
||
| ``` | ||
| use the orchestrating-agent-relay skill to spawn a claude and codex agent and [YOUR_TASK] | ||
| ``` |
There was a problem hiding this comment.
Add language identifiers to fenced code blocks (MD040).
Line 44, Line 51, and Line 57 use bare fences. Add bash for lint compliance and better rendering.
Suggested doc change
-```
+```bash
curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash- +bash
npx skills add https://github.com/agentworkforce/skills --skill orchestrating-agent-relay
-```
+```bash
use the orchestrating-agent-relay skill to spawn a claude and codex agent and [YOUR_TASK]
</details>
<!-- suggestion_start -->
<details>
<summary>📝 Committable suggestion</summary>
> ‼️ **IMPORTANT**
> Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
```suggestion
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 44-44: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 51-51: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 57-57: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@README.md` around lines 44 - 59, The three fenced code blocks in the README
(the install curl snippet, the npx skills install line, and the usage example)
lack language identifiers; update each opening triple-fence to include "bash"
(i.e., replace ``` with ```bash) so the blocks explicitly declare the shell
language for lint MD040 and correct rendering in README.md.
| 1. Install the agent-relay cli | ||
|
|
||
| ``` | ||
| curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash |
There was a problem hiding this comment.
Pin install script to an immutable release instead of main.
This command executes a remote script directly from a mutable branch, which weakens supply-chain safety. Prefer a versioned/tagged URL (or checksum-verified download) in docs.
Suggested doc change
-curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash
+curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/<tag-or-commit>/install.sh | bash📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash | |
| curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/<tag-or-commit>/install.sh | bash |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@README.md` at line 45, Replace the mutable "main" branch in the install curl
command in README.md with a pinned, immutable release tag (e.g., use a specific
release like "vX.Y.Z" in the URL for the curl -fsSL ... | bash pipeline) and
optionally add guidance to verify a checksum or use a signed release; update the
example command and surrounding text to show using a versioned URL (and mention
checksum/signature verification) instead of the raw "main" URL.
2 participants
Summary
Test Plan
Screenshots