Skip to content

fix: disable Codex multi-agent v2 for Relay runs#427

Merged
rapids-bot[bot] merged 2 commits into
NVIDIA:mainfrom
willkill07:wkk_fix/codex-disable-multi-agent-v2
Jul 15, 2026
Merged

fix: disable Codex multi-agent v2 for Relay runs#427
rapids-bot[bot] merged 2 commits into
NVIDIA:mainfrom
willkill07:wkk_fix/codex-disable-multi-agent-v2

Conversation

@willkill07

@willkill07 willkill07 commented Jul 15, 2026

Copy link
Copy Markdown
Member

Overview

Disable Codex multi-agent v2 when Codex runs through NeMo Relay so delegated task content remains readable to Relay observability instead of arriving as opaque encrypted content.

  • I confirm this contribution is my own work, or I have the right to submit it under this project's license.
  • I searched existing issues and open pull requests, and this does not duplicate existing work.

Details

  • Make nemo-relay install codex write features.multi_agent_v2.enabled = false alongside the managed provider and hooks configuration.
  • Restore the user's previous multi-agent v2 setting on uninstall and preserve other fields in the features.multi_agent_v2 table.
  • Inject features.multi_agent_v2.enabled=false as a temporary Codex config override for transparent wrapped execution.
  • Require the managed v2-disable setting in Codex provider installation checks.
  • Add focused coverage for wrapped launch arguments, repeated installation, uninstall restoration, and uninstall without a backup.
  • Keep documentation separate in companion PR docs(cli): update Codex integration and delegation trace guidance #426.
  • Validation: focused Codex launcher/installer tests, just test-rust, cargo fmt --all -- --check, cargo clippy --workspace --all-targets -- -D warnings, and uv run pre-commit run --all-files passed.
  • Breaking changes: none.

Where should the reviewer start?

Start with crates/cli/src/agents/codex/host.rs for persistent install and rollback ownership, then crates/cli/src/agents/codex/launch.rs for the wrapped-execution override.

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

Summary by CodeRabbit

  • New Features

    • Codex configuration now explicitly disables the Multi-Agent v2 feature during installation and launch.
    • Existing Multi-Agent v2 settings are preserved and restored when configurations are uninstalled or refreshed.
  • Bug Fixes

    • Removed installer-managed configuration entries cleanly when no backup is available.
    • Improved handling of Multi-Agent v2 settings across repeated installations and uninstallations.

Signed-off-by: Will Killian <wkillian@nvidia.com>
@willkill07
willkill07 requested a review from a team as a code owner July 15, 2026 02:28
@github-actions github-actions Bot added size:M PR is medium Bug issue describes bug; PR fixes bug lang:rust PR changes/introduces Rust code labels Jul 15, 2026
@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@willkill07, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 7 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 9bde234e-dcb6-4523-b0a4-b721da4fb2e0

📥 Commits

Reviewing files that changed from the base of the PR and between e63853e and a114086.

📒 Files selected for processing (1)
  • crates/cli/tests/coverage/agents/plugin_host_tests.rs

Walkthrough

Codex configuration installation and launch now disable features.multi_agent_v2. Backup restoration and uninstall logic preserve or remove the setting based on prior configuration state, with tests covering installation, launch arguments, restoration, and cleanup.

Changes

Codex multi-agent v2 handling

Layer / File(s) Summary
Config lifecycle management
crates/cli/src/agents/codex/host.rs, crates/cli/tests/coverage/agents/plugin_host_tests.rs
Installation writes features.multi_agent_v2.enabled = false; restoration re-applies backed-up state, while uninstall removes managed state when no backup exists.
Launch override and coverage
crates/cli/src/agents/codex/launch.rs, crates/cli/tests/coverage/agents/launcher_tests.rs, crates/cli/tests/coverage/agents/plugin_host_tests.rs
Codex launch arguments include the disabled multi-agent v2 override, with assertions covering generated arguments and repeated installation behavior.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant CLI
  participant CodexLaunch
  participant CodexConfig
  participant Backup
  CLI->>CodexLaunch: prepare launch arguments
  CodexLaunch->>CodexConfig: set features.multi_agent_v2.enabled=false
  CLI->>CodexConfig: install or uninstall configuration
  CodexConfig->>Backup: sanitize or read saved configuration
  Backup-->>CodexConfig: return saved multi_agent_v2 state
  CodexConfig-->>CLI: updated configuration
Loading
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title follows Conventional Commits and accurately summarizes the main change to disable Codex multi-agent v2 for Relay runs.
Description check ✅ Passed The description matches the template with overview, details, review start, and related issues, and it includes the required confirmations.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@willkill07 willkill07 added this to the 0.6 milestone Jul 15, 2026
@willkill07 willkill07 self-assigned this Jul 15, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/cli/src/agents/codex/host.rs`:
- Around line 1545-1553: Add coverage for the None branch of
restore_multi_agent_v2_enabled in the plugin host tests: start with an original
configuration lacking the multi_agent_v2 section, install, then uninstall
through the backup-restore path, and assert the multi_agent_v2 section is fully
removed. Keep the existing enabled-value restoration test unchanged.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: a265b6b5-63df-4fc6-bc5a-93d503b776e8

📥 Commits

Reviewing files that changed from the base of the PR and between 2e4ebd2 and e63853e.

📒 Files selected for processing (4)
  • crates/cli/src/agents/codex/host.rs
  • crates/cli/src/agents/codex/launch.rs
  • crates/cli/tests/coverage/agents/launcher_tests.rs
  • crates/cli/tests/coverage/agents/plugin_host_tests.rs
📜 Review details
⏰ Context from checks skipped due to timeout. (1)
  • GitHub Check: Check / Run
🧰 Additional context used
📓 Path-based instructions (9)
**/*.rs

📄 CodeRabbit inference engine (.agents/skills/prepare-pr/SKILL.md)

**/*.rs: Any Rust change must run just test-rust
Any Rust change must run cargo fmt --all
Any Rust change must run cargo clippy --workspace --all-targets -- -D warnings

**/*.rs: Run cargo fmt --all for all FFI work since it is Rust work
Run just test-rust to validate FFI changes
Run cargo clippy --workspace --all-targets -- -D warnings to enforce strict linting on FFI work

When Rust files changed as part of Go work, also run cargo fmt --all, just test-rust, and cargo clippy --workspace --all-targets -- -D warnings

**/*.rs: Run cargo fmt --all when Rust files are changed as part of Node work
Run cargo clippy --workspace --all-targets -- -D warnings when Rust files are changed as part of Node work
Run just test-rust when Rust files are changed as part of Node work

When changing the core Rust runtime or Rust-facing API surface, format Rust code with cargo fmt (rustfmt defaults), keep cargo clippy -- -D warnings clean, and satisfy cargo deny check per deny.toml.

**/*.rs: If any Rust code changed, always run just test-rust.
If any Rust code changed, also run cargo fmt --all.
If any Rust code changed, also run cargo clippy --workspace --all-targets -- -D warnings.
For Rust changes headed for review, run cargo fmt --all and cargo clippy --workspace --all-targets -- -D warnings even if relying on pre-commit.

Files:

  • crates/cli/src/agents/codex/launch.rs
  • crates/cli/tests/coverage/agents/launcher_tests.rs
  • crates/cli/tests/coverage/agents/plugin_host_tests.rs
  • crates/cli/src/agents/codex/host.rs
**/*.{rs,py}

📄 CodeRabbit inference engine (AGENTS.md)

Follow binding naming conventions in Rust and Python: use snake_case.

Files:

  • crates/cli/src/agents/codex/launch.rs
  • crates/cli/tests/coverage/agents/launcher_tests.rs
  • crates/cli/tests/coverage/agents/plugin_host_tests.rs
  • crates/cli/src/agents/codex/host.rs
**/*.{rs,py,js,mjs,cjs,ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{rs,py,js,mjs,cjs,ts,tsx}: Use Json = serde_json::Value in Rust-facing runtime APIs where the existing code expects JSON payloads.
Use Result<T> with FlowError in core runtime paths, and keep errors explicit and binding-appropriate at the wrapper layer.
Keep async behavior on the existing tokio-based model; bindings should preserve callback and future lifetimes rather than blocking or hiding async work unexpectedly.

Files:

  • crates/cli/src/agents/codex/launch.rs
  • crates/cli/tests/coverage/agents/launcher_tests.rs
  • crates/cli/tests/coverage/agents/plugin_host_tests.rs
  • crates/cli/src/agents/codex/host.rs
**/*.{rs,py,go,js,ts,c,h}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Use language-appropriate naming conventions: Rust snake_case, C FFI exports prefixed nemo_relay_, Go PascalCase, Node.js camelCase, and Python snake_case.

Files:

  • crates/cli/src/agents/codex/launch.rs
  • crates/cli/tests/coverage/agents/launcher_tests.rs
  • crates/cli/tests/coverage/agents/plugin_host_tests.rs
  • crates/cli/src/agents/codex/host.rs
**/*.{rs,go,js,ts}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Add the SPDX license header to all Rust, Go, JavaScript, and TypeScript source files using the corresponding // comment form.

Files:

  • crates/cli/src/agents/codex/launch.rs
  • crates/cli/tests/coverage/agents/launcher_tests.rs
  • crates/cli/tests/coverage/agents/plugin_host_tests.rs
  • crates/cli/src/agents/codex/host.rs
{crates/**/src/**/*.rs,python/**/*.py}

📄 CodeRabbit inference engine (.agents/skills/maintain-dynamic-plugins/SKILL.md)

Do not add tests under src; Rust tests belong in crate tests/ trees, and Python SDK tests belong under python/tests.

Files:

  • crates/cli/src/agents/codex/launch.rs
  • crates/cli/src/agents/codex/host.rs
**/*

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

**/*: Format changed files with the language-native formatter before the final lint/test pass.
If dynamic plugin behavior changed, use maintain-dynamic-plugins and include the native SDK, worker protocol, Python SDK, docs, packaging, and Codecov surfaces in the validation plan.
If code changes alter APIs, bindings, commands, paths, packaging behavior, observability/adaptive semantics, or documented best practices, update any dependent maintainer or consumer skills in the same branch.
During iteration, prefer uv run pre-commit run --files <changed files...>.
Before review or handoff, run uv run pre-commit run --all-files.

Files:

  • crates/cli/src/agents/codex/launch.rs
  • crates/cli/tests/coverage/agents/launcher_tests.rs
  • crates/cli/tests/coverage/agents/plugin_host_tests.rs
  • crates/cli/src/agents/codex/host.rs
**/*.{rs,py,go,js,ts}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

If a language surface changed, always run that language's test target even when Rust core did not change.

Files:

  • crates/cli/src/agents/codex/launch.rs
  • crates/cli/tests/coverage/agents/launcher_tests.rs
  • crates/cli/tests/coverage/agents/plugin_host_tests.rs
  • crates/cli/src/agents/codex/host.rs
{crates/**/tests/**,python/tests/**,go/nemo_relay/**/*_test.go}

⚙️ CodeRabbit configuration file

{crates/**/tests/**,python/tests/**,go/nemo_relay/**/*_test.go}: Tests should cover the behavior promised by the changed API surface, including error paths and cross-request isolation where relevant.
Prefer assertions on lifecycle events, scope stacks, middleware ordering, and binding parity over shallow smoke tests.

Files:

  • crates/cli/tests/coverage/agents/launcher_tests.rs
  • crates/cli/tests/coverage/agents/plugin_host_tests.rs
🔇 Additional comments (13)
crates/cli/src/agents/codex/host.rs (8)

750-753: LGTM!


931-938: LGTM!


1184-1198: LGTM!


1200-1218: LGTM!


1512-1526: LGTM!


1528-1543: LGTM!


1555-1578: LGTM!


1379-1387: 🎯 Functional Correctness

Existing backups are preserved. refresh_codex_config_backup reuses the prior backup when one exists and only snapshots the live config if no backup file is present.

crates/cli/tests/coverage/agents/plugin_host_tests.rs (3)

1164-1167: LGTM!


1176-1221: LGTM!


2046-2065: LGTM!

crates/cli/src/agents/codex/launch.rs (1)

36-45: LGTM!

crates/cli/tests/coverage/agents/launcher_tests.rs (1)

269-273: LGTM!

Comment thread crates/cli/src/agents/codex/host.rs
Signed-off-by: Will Killian <wkillian@nvidia.com>
@afourniernv

Copy link
Copy Markdown
Contributor

Live-tested the Codex install, repair, uninstall, and transparent-run paths against regular and inline TOML configs. I also ran a real delegated Codex task through Relay and confirmed the child prompt and response were recorded as readable ATOF events. The focused Codex tests pass, and I didn’t find any blocking issues in the diff. LGTM.

@willkill07

Copy link
Copy Markdown
Member Author

/merge

@rapids-bot
rapids-bot Bot merged commit 45831fc into NVIDIA:main Jul 15, 2026
35 checks passed
rapids-bot Bot pushed a commit that referenced this pull request Jul 16, 2026
#### Overview

Updates the local Codex integration guide and documents the multi-agent delegation encryption behavior and its practical observability boundaries.

- [x] I confirm this contribution is my own work, or I have the right to submit it under this project's license.
- [x] I searched existing issues and open pull requests, and this does not duplicate existing work.

#### Details

- Refreshes Codex prerequisites, gateway lifecycle and configuration scope, capture behavior, and safe installation guidance.
- Explains what Relay can record for encrypted multi-agent delegation: the parent tool metadata and ciphertext, child routing fields, and child response; it cannot decrypt the delegated task.
- Documents the available mitigation and the configuration, restore, and settings caveats.
- Contains no implementation changes.
- Breaking changes: none.

Validation:

- `just docs`
- `just docs-linkcheck`
- targeted `uv run pre-commit run --files docs/nemo-relay-cli/codex.mdx`

#### Where should the reviewer start?

Start with `docs/nemo-relay-cli/codex.mdx`.

#### Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

- Closes: RELAY-478
- Relates to: #425
- Relates to: #427

Authors:
  - Will Killian (https://github.com/willkill07)

Approvers:
  - Maryam Najafian (https://github.com/mnajafian-nv)
  - https://github.com/lvojtku

URL: #426
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Bug issue describes bug; PR fixes bug lang:rust PR changes/introduces Rust code size:M PR is medium

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants