Skip to content

auto-merge-on-approval waits full CodeRabbit window even when Codex already cleared — wasted CI minutes / agent turns #727

Description

@nathanjohnpayne

Summary

auto-merge-on-approval's "Wait for CodeRabbit review" step (.github/workflows/agent-review.yml:900-1011, delegating to scripts/coderabbit-wait.sh) blocks merge for up to coderabbit.max_wait_seconds (currently 1245s / ~20min) on every approved PR whenever coderabbit.enabled: true — with no check of whether Codex has already given an affirmative verdict on the same HEAD. Codex is the actual blocking bot-review gate (fleet-wide, CodeRabbit is comment-only/advisory — never CHANGES_REQUESTED); once Codex has cleared, waiting out CodeRabbit's own timeline adds pure latency and burns CI minutes + agent poll/approval turns for no additional gating value in the common case.

Concrete instance: PR #725

nathanjohnpayne/mergepath#725 — a single-word docs fix (visibility: privatepublic), about as low-risk a change as exists in this repo.

  • Codex posted an affirmative verdict at 2026-07-07T02:09:38Z (~5 min after the trigger).
  • Reviewer-identity approval landed at 2026-07-07T02:13:58Z.
  • The auto-merge-on-approval run (28836689381) then spent 5m40s (02:14:17Z02:19:57Z) in "Wait for CodeRabbit review" — nearly the entirety of the job's 6-minute runtime — before merging, even though Codex clearance was already ~5 minutes old by the time that step even started.

Systemic evidence

docs/audits/data/review-latency-2026-07/ (produced for #623, already committed) gives the fleet-wide distributions:

bot metric p50 p90 p99 max
Codex trigger → verdict (n=100) 217s 426s 630s 830s
CodeRabbit commit → review (n=142/143, rate_limited=false) 414s 861s 1136s 1219s

Codex's median verdict lands in well under half the time CodeRabbit's median review takes. Since the agent-driven flow typically posts reviewer approval right after Codex clears, this means on a large share of PRs — not just trivial ones — the auto-merge-on-approval wait step is very likely to actually block for real, non-trivial time purely because CodeRabbit hasn't finished yet, independent of whether the change is substantive enough to need that second opinion.

A quick sample of 51 recent pull_request_review-triggered Agent Review Pipeline runs on this repo found only 3 where auto-merge-on-approval actually ran the wait step (most approvals didn't re-arm the job or the job was skipped for other reasons) — of those, 1 (PR #725, above) waited 340s and 2 waited ~2s (CodeRabbit had already finished by the time the job ran). So the failure mode is intermittent by nature (depends on how fast the reviewer-approval lands relative to CodeRabbit's own timeline) rather than universal, but it is real and the fleet-wide latency data says it should recur often.

Why this isn't a trivial fix

CodeRabbit and Codex are intentionally complementary per REVIEW_POLICY.md § Phase 2.5 — CodeRabbit's Potential issue / ⚠️ findings are meant to be addressed independent of Codex's own review, and the wait step's rc=2 (findings present) branch does block merge on those. So "just skip CodeRabbit whenever Codex approves" would reduce review coverage, not merely trim latency, and shouldn't be done unilaterally. This issue is to track the tradeoff and land a fix, not to prescribe one. Some candidate directions:

  1. Short grace window post-Codex-clearance: once Codex has an affirmative verdict on HEAD, cap the CodeRabbit wait at something much shorter than the full max_wait_seconds (e.g. a bounded probe), and treat a still-pending CodeRabbit review the same as the existing rc=4 "grace window elapsed" path (advisory, proceed) rather than the full ~20min ceiling.
  2. Start the CodeRabbit wait earlier, e.g. in parallel with the Codex trigger (codex-review-request.sh) rather than only once at auto-merge-on-approval time, so by the time reviewer approval lands CodeRabbit has had the same head start Codex did. (Partially already happens by luck when approval is slow to land — the 51-run sample's 2 near-zero-wait cases — but isn't structural.)
  3. Downgrade CodeRabbit to fully async/post-merge advisory once both Codex clearance and reviewer approval are present, filing any post-hoc CodeRabbit findings as a follow-up issue instead of blocking merge. This is the most aggressive option and most directly matches the "CodeRabbit does not need to be triggered if Codex has already approved" framing, but most clearly trades away the Phase 2.5 guarantee and should get explicit sign-off before landing.

Pointers

Surfaced during merge of PR #725 (fix for #724).

Metadata

Metadata

Assignees

No one assigned

    Labels

    automationWorkflow and process automationdecision-neededNeeds a human decision before work proceeds (issue triage, not a PR merge gate)

    Projects

    Status
    Todo

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions