Summary
auto-merge-on-approval's "Wait for CodeRabbit review" step (.github/workflows/agent-review.yml:900-1011, delegating to scripts/coderabbit-wait.sh) blocks merge for up to coderabbit.max_wait_seconds (currently 1245s / ~20min) on every approved PR whenever coderabbit.enabled: true — with no check of whether Codex has already given an affirmative verdict on the same HEAD. Codex is the actual blocking bot-review gate (fleet-wide, CodeRabbit is comment-only/advisory — never CHANGES_REQUESTED); once Codex has cleared, waiting out CodeRabbit's own timeline adds pure latency and burns CI minutes + agent poll/approval turns for no additional gating value in the common case.
Concrete instance: PR #725
nathanjohnpayne/mergepath#725 — a single-word docs fix (visibility: private → public), about as low-risk a change as exists in this repo.
- Codex posted an affirmative verdict at
2026-07-07T02:09:38Z (~5 min after the trigger).
- Reviewer-identity approval landed at
2026-07-07T02:13:58Z.
- The
auto-merge-on-approval run (28836689381) then spent 5m40s (02:14:17Z → 02:19:57Z) in "Wait for CodeRabbit review" — nearly the entirety of the job's 6-minute runtime — before merging, even though Codex clearance was already ~5 minutes old by the time that step even started.
Systemic evidence
docs/audits/data/review-latency-2026-07/ (produced for #623, already committed) gives the fleet-wide distributions:
| bot |
metric |
p50 |
p90 |
p99 |
max |
| Codex |
trigger → verdict (n=100) |
217s |
426s |
630s |
830s |
| CodeRabbit |
commit → review (n=142/143, rate_limited=false) |
414s |
861s |
1136s |
1219s |
Codex's median verdict lands in well under half the time CodeRabbit's median review takes. Since the agent-driven flow typically posts reviewer approval right after Codex clears, this means on a large share of PRs — not just trivial ones — the auto-merge-on-approval wait step is very likely to actually block for real, non-trivial time purely because CodeRabbit hasn't finished yet, independent of whether the change is substantive enough to need that second opinion.
A quick sample of 51 recent pull_request_review-triggered Agent Review Pipeline runs on this repo found only 3 where auto-merge-on-approval actually ran the wait step (most approvals didn't re-arm the job or the job was skipped for other reasons) — of those, 1 (PR #725, above) waited 340s and 2 waited ~2s (CodeRabbit had already finished by the time the job ran). So the failure mode is intermittent by nature (depends on how fast the reviewer-approval lands relative to CodeRabbit's own timeline) rather than universal, but it is real and the fleet-wide latency data says it should recur often.
Why this isn't a trivial fix
CodeRabbit and Codex are intentionally complementary per REVIEW_POLICY.md § Phase 2.5 — CodeRabbit's Potential issue / ⚠️ findings are meant to be addressed independent of Codex's own review, and the wait step's rc=2 (findings present) branch does block merge on those. So "just skip CodeRabbit whenever Codex approves" would reduce review coverage, not merely trim latency, and shouldn't be done unilaterally. This issue is to track the tradeoff and land a fix, not to prescribe one. Some candidate directions:
- Short grace window post-Codex-clearance: once Codex has an affirmative verdict on HEAD, cap the CodeRabbit wait at something much shorter than the full
max_wait_seconds (e.g. a bounded probe), and treat a still-pending CodeRabbit review the same as the existing rc=4 "grace window elapsed" path (advisory, proceed) rather than the full ~20min ceiling.
- Start the CodeRabbit wait earlier, e.g. in parallel with the Codex trigger (
codex-review-request.sh) rather than only once at auto-merge-on-approval time, so by the time reviewer approval lands CodeRabbit has had the same head start Codex did. (Partially already happens by luck when approval is slow to land — the 51-run sample's 2 near-zero-wait cases — but isn't structural.)
- Downgrade CodeRabbit to fully async/post-merge advisory once both Codex clearance and reviewer approval are present, filing any post-hoc CodeRabbit findings as a follow-up issue instead of blocking merge. This is the most aggressive option and most directly matches the "CodeRabbit does not need to be triggered if Codex has already approved" framing, but most clearly trades away the Phase 2.5 guarantee and should get explicit sign-off before landing.
Pointers
Surfaced during merge of PR #725 (fix for #724).
Summary
auto-merge-on-approval's "Wait for CodeRabbit review" step (.github/workflows/agent-review.yml:900-1011, delegating toscripts/coderabbit-wait.sh) blocks merge for up tocoderabbit.max_wait_seconds(currently 1245s / ~20min) on every approved PR whenevercoderabbit.enabled: true— with no check of whether Codex has already given an affirmative verdict on the same HEAD. Codex is the actual blocking bot-review gate (fleet-wide, CodeRabbit is comment-only/advisory — neverCHANGES_REQUESTED); once Codex has cleared, waiting out CodeRabbit's own timeline adds pure latency and burns CI minutes + agent poll/approval turns for no additional gating value in the common case.Concrete instance: PR #725
nathanjohnpayne/mergepath#725 — a single-word docs fix (
visibility: private→public), about as low-risk a change as exists in this repo.2026-07-07T02:09:38Z(~5 min after the trigger).2026-07-07T02:13:58Z.auto-merge-on-approvalrun (28836689381) then spent 5m40s (02:14:17Z→02:19:57Z) in "Wait for CodeRabbit review" — nearly the entirety of the job's 6-minute runtime — before merging, even though Codex clearance was already ~5 minutes old by the time that step even started.Systemic evidence
docs/audits/data/review-latency-2026-07/(produced for #623, already committed) gives the fleet-wide distributions:Codex's median verdict lands in well under half the time CodeRabbit's median review takes. Since the agent-driven flow typically posts reviewer approval right after Codex clears, this means on a large share of PRs — not just trivial ones — the
auto-merge-on-approvalwait step is very likely to actually block for real, non-trivial time purely because CodeRabbit hasn't finished yet, independent of whether the change is substantive enough to need that second opinion.A quick sample of 51 recent
pull_request_review-triggeredAgent Review Pipelineruns on this repo found only 3 whereauto-merge-on-approvalactually ran the wait step (most approvals didn't re-arm the job or the job was skipped for other reasons) — of those, 1 (PR #725, above) waited 340s and 2 waited ~2s (CodeRabbit had already finished by the time the job ran). So the failure mode is intermittent by nature (depends on how fast the reviewer-approval lands relative to CodeRabbit's own timeline) rather than universal, but it is real and the fleet-wide latency data says it should recur often.Why this isn't a trivial fix
CodeRabbit and Codex are intentionally complementary per
REVIEW_POLICY.md§ Phase 2.5 — CodeRabbit'sPotential issue/⚠️findings are meant to be addressed independent of Codex's own review, and the wait step's rc=2 (findings present) branch does block merge on those. So "just skip CodeRabbit whenever Codex approves" would reduce review coverage, not merely trim latency, and shouldn't be done unilaterally. This issue is to track the tradeoff and land a fix, not to prescribe one. Some candidate directions:max_wait_seconds(e.g. a bounded probe), and treat a still-pending CodeRabbit review the same as the existing rc=4 "grace window elapsed" path (advisory, proceed) rather than the full ~20min ceiling.codex-review-request.sh) rather than only once atauto-merge-on-approvaltime, so by the time reviewer approval lands CodeRabbit has had the same head start Codex did. (Partially already happens by luck when approval is slow to land — the 51-run sample's 2 near-zero-wait cases — but isn't structural.)Pointers
.github/workflows/agent-review.yml:900-1011— the unconditional wait step.scripts/coderabbit-wait.sh— the underlying poll loop and its exit-code contract.scripts/merge-clearance-gate.sh— already has a related precedent:--derive-rate-limit-protectionlets a CodeRabbit rate-limit (rc=5) downgrade to non-blocking when Codex/Phase-4b clearance is already satisfied on HEAD (coderabbit-wait + codex: auto-request @codex while CodeRabbit is rate-limited, revert when the window elapses #489/auto-merge-on-approval fail-closes external-review PRs when CodeRabbit is rate-limited (cleared needs-external-review label mis-read as under-threshold) #713/Fix CodeRabbit rate-limit auto-merge after Phase 4b clearance #714). No analogous fast-path exists for the "CodeRabbit is just still running" case this issue is about.docs/audits/data/review-latency-2026-07/— the latency dataset cited above (Measure actual Codex review latency and retune every folklore-tuned wait window from the data #623).Surfaced during merge of PR #725 (fix for #724).