newrelic preparation for inference-orchestrator.

[rostilos]

moved content to ./src dir, corrected new inference-orchestrator path's in a deploy scripts & dockerfiles. FE submodule commit bump.

Summary by CodeRabbit

• New Features

  • Added New Relic APM monitoring for the inference-orchestrator service.

• Chores

  • Reorganized deployment artifact locations for the inference-orchestrator for consistency.
  • Updated deployment and Docker build configurations to align with the new layout and include New Relic support.
  • Added pre-flight check and volume mounting for the New Relic config.
  • Updated frontend submodule reference.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

Moves inference-orchestrator artifacts and config into a new src/ subdirectory, adds New Relic Python APM configuration and Docker artifacts for the service, updates CI/build scripts and docker-compose references, and adds a New Relic preflight/config template for server initialization.

Changes

Cohort / File(s)	Summary
Build scripts deployment/build/development-build.sh, deployment/build/production-build.sh, deployment/ci/ci-build.sh	Updated copy destinations for inference-orchestrator .env and two MCP JARs to the src/ subdirectory; ci-build.sh also updates the inference-orchestrator image build context to use the src directory and Dockerfile.observable.
CI deploy/init deployment/ci/server-deploy.sh, deployment/ci/server-init.sh	Added inference-orchestrator/newrelic.ini to preflight config checks; server-init.sh now creates a config/inference-orchestrator/newrelic.ini template when missing and reports its presence in deployment summary.
Docker Compose deployment/docker-compose.yml, deployment/docker-compose.prod.yml	Changed inference-orchestrator build context to ../python-ecosystem/inference-orchestrator/src; production compose adds a read-only volume mount from ./config/inference-orchestrator/newrelic.ini → /app/newrelic.ini.
Inference-orchestrator source artifacts python-ecosystem/inference-orchestrator/src/.gitignore, python-ecosystem/inference-orchestrator/src/Dockerfile.observable, python-ecosystem/inference-orchestrator/src/requirements.txt	Added .gitignore; added Dockerfile.observable (multi-stage, Python 3.11, New Relic instrumentation, non-root runtime, copies JARs); added newrelic==11.5.0 to requirements.
New Relic image python-ecosystem/inference-orchestrator/newrelic/Dockerfile	Added Dockerfile that installs newrelic on Python 3.9-alpine and sets newrelic-admin as the entrypoint.
Frontend submodule frontend	Updated the frontend subproject commit reference (submodule update).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Refactor deployment scripts and configuration #141 — Overlaps in deployment/CI and docker-compose edits affecting inference-orchestrator paths and build scripts.
• 1.5.1 rc #145 — Related changes to inference-orchestrator Docker/deployment artifacts and build-context refactors.
• feat: Add New Relic configuration files and update deployment scripts… #142 — Also adds New Relic config handling and updates deployment scripts/docker-compose entries for newrelic files.

Poem

🐰
Soft hops to src, I rearrange,
APM light in a tidy range,
Configs copied, jars tucked in,
Newrelic watches, tail a-spin 🥕
Pipelines hum, the rabbit grins.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: integrating New Relic monitoring into the inference-orchestrator service, which aligns with the substantial changes to build scripts, Dockerfiles, configuration management, and dependencies across the deployment infrastructure.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 1.5.5-rc

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

deployment/ci/server-deploy.sh (1)

49-49: Consider validating newrelic.ini content, not just existence.

The server-init.sh creates this file with a placeholder license_key = REPLACE_WITH_YOUR_LICENSE_KEY. The current pre-flight check only verifies the file exists, allowing deployment to proceed with APM silently disabled.

♻️ Proposed enhancement to detect placeholder config

+# Warn if New Relic config still contains placeholder
+if grep -q "REPLACE_WITH_YOUR_LICENSE_KEY" "$CONFIG_DIR/inference-orchestrator/newrelic.ini" 2>/dev/null; then
+  echo "WARNING: inference-orchestrator/newrelic.ini contains placeholder license key"
+  echo "         New Relic APM will not report data until configured."
+fi
+
 cd "$DEPLOY_DIR"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@deployment/ci/server-deploy.sh` at line 49, The pre-flight check in
server-deploy.sh currently only verifies that
"$CONFIG_DIR/inference-orchestrator/newrelic.ini" exists but doesn't validate
its contents, so a placeholder license_key ("REPLACE_WITH_YOUR_LICENSE_KEY") can
slip through; update the check to open and inspect the file (referencing
"$CONFIG_DIR/inference-orchestrator/newrelic.ini" and the placeholder string
"REPLACE_WITH_YOUR_LICENSE_KEY") and fail with a clear error if the placeholder
or an empty license_key is present (exit non‑zero), otherwise proceed—this
ensures server-init.sh's placeholder isn't accepted as a valid New Relic config.

python-ecosystem/inference-orchestrator/src/requirements.txt (1)

1-1: asyncio is a standard library module—remove from requirements.

asyncio has been part of the Python standard library since version 3.4. Including it in requirements.txt is unnecessary and may pull in an outdated PyPI package with the same name.

♻️ Proposed fix

-asyncio
 fastapi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@python-ecosystem/inference-orchestrator/src/requirements.txt` at line 1,
Remove the standard-library package entry "asyncio" from requirements.txt; it's
part of Python's stdlib (since 3.4) and should not be listed as a dependency to
avoid pulling an unrelated PyPI package—delete the "asyncio" line from the
requirements file and keep any real external dependencies only.

python-ecosystem/inference-orchestrator/src/.gitignore (1)

7-10: Maven-specific patterns are unnecessary in this Python project.

The patterns !.mvn/wrapper/maven-wrapper.jar, !**/src/main/**/target/, and !**/src/test/**/target/ are Maven conventions that don't apply to this Python directory. The MCP JARs copied here by CI are named codecrow-vcs-mcp-1.0.jar and codecrow-platform-mcp-1.0.jar, so the *.jar ignore on line 14 already handles them correctly.

Consider simplifying to just:

🧹 Proposed simplification

-target/
-!.mvn/wrapper/maven-wrapper.jar
-!**/src/main/**/target/
-!**/src/test/**/target/
+target/

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@python-ecosystem/inference-orchestrator/src/.gitignore` around lines 7 - 10,
Remove the Maven-specific negation patterns from .gitignore: delete the lines
"!.mvn/wrapper/maven-wrapper.jar", "!**/src/main/**/target/", and
"!**/src/test/**/target/" and keep the project-specific ignores (e.g., "target/"
and the existing "*.jar" rule) so CI-copied MCP JARs (codecrow-*-mcp-1.0.jar)
remain covered by the existing *.jar rule; update the file by removing only
those three Maven patterns.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@deployment/docker-compose.yml`:
- Around line 140-144: Change the JDWP debug binding and port mapping so the
debug port is only accessible from localhost: update the JAVA_OPTS jdwp address
from address=*:5006 to bind to 127.0.0.1 (e.g., address=127.0.0.1:5006) and
change the compose ports entry that currently reads "5006:5006" to bind to
localhost ("127.0.0.1:5006:5006"); the relevant symbols are JAVA_OPTS (the
-agentlib:jdwp setting) and the ports mapping "5006:5006".

In `@python-ecosystem/inference-orchestrator/newrelic/Dockerfile`:
- Around line 1-5: The orphaned Dockerfile
(python-ecosystem/inference-orchestrator/newrelic/Dockerfile) should be removed
or clarified: either delete this file if unused, or update its documentation to
state its intended purpose and ensure it matches the project's production setup
(use Python 3.11-slim-bullseye, pin newrelic to 11.5.0, add non-root user
creation, include a CMD that performs proper newrelic instrumentation rather
than just ENTRYPOINT ["newrelic-admin","run-program"], and reference how/when it
should be built), and ensure any README or docker-compose references point to
the correct Dockerfile (e.g., src/Dockerfile or src/Dockerfile.observable) to
avoid confusion.

In `@python-ecosystem/inference-orchestrator/src/Dockerfile.observable`:
- Around line 56-57: The Dockerfile copies only site-packages from the builder
stage but misses pip-installed executables (e.g. newrelic-admin) placed in
/usr/local/bin, causing the CMD that invokes newrelic-admin to fail; update the
Dockerfile observable to also copy executables from the builder (either copy
/usr/local/bin or at least copy the specific newrelic-admin binary) from the
builder stage into /usr/local/bin in the final image (preserving executable
permissions) so the CMD on line invoking newrelic-admin will find the binary.

---

Nitpick comments:
In `@deployment/ci/server-deploy.sh`:
- Line 49: The pre-flight check in server-deploy.sh currently only verifies that
"$CONFIG_DIR/inference-orchestrator/newrelic.ini" exists but doesn't validate
its contents, so a placeholder license_key ("REPLACE_WITH_YOUR_LICENSE_KEY") can
slip through; update the check to open and inspect the file (referencing
"$CONFIG_DIR/inference-orchestrator/newrelic.ini" and the placeholder string
"REPLACE_WITH_YOUR_LICENSE_KEY") and fail with a clear error if the placeholder
or an empty license_key is present (exit non‑zero), otherwise proceed—this
ensures server-init.sh's placeholder isn't accepted as a valid New Relic config.

In `@python-ecosystem/inference-orchestrator/src/.gitignore`:
- Around line 7-10: Remove the Maven-specific negation patterns from .gitignore:
delete the lines "!.mvn/wrapper/maven-wrapper.jar", "!**/src/main/**/target/",
and "!**/src/test/**/target/" and keep the project-specific ignores (e.g.,
"target/" and the existing "*.jar" rule) so CI-copied MCP JARs
(codecrow-*-mcp-1.0.jar) remain covered by the existing *.jar rule; update the
file by removing only those three Maven patterns.

In `@python-ecosystem/inference-orchestrator/src/requirements.txt`:
- Line 1: Remove the standard-library package entry "asyncio" from
requirements.txt; it's part of Python's stdlib (since 3.4) and should not be
listed as a dependency to avoid pulling an unrelated PyPI package—delete the
"asyncio" line from the requirements file and keep any real external
dependencies only.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3b293151-18e0-4acd-ad6c-7336943ecb4e

📥 Commits

Reviewing files that changed from the base of the PR and between 4853f35 and af8e0b9.

📒 Files selected for processing (79)

• deployment/build/development-build.sh
• deployment/build/production-build.sh
• deployment/ci/ci-build.sh
• deployment/ci/server-deploy.sh
• deployment/ci/server-init.sh
• deployment/docker-compose.prod.yml
• deployment/docker-compose.yml
• frontend
• python-ecosystem/inference-orchestrator/newrelic/Dockerfile
• python-ecosystem/inference-orchestrator/src/.gitignore
• python-ecosystem/inference-orchestrator/src/Dockerfile
• python-ecosystem/inference-orchestrator/src/Dockerfile.observable
• python-ecosystem/inference-orchestrator/src/README.MD
• python-ecosystem/inference-orchestrator/src/api/__init__.py
• python-ecosystem/inference-orchestrator/src/api/app.py
• python-ecosystem/inference-orchestrator/src/api/middleware.py
• python-ecosystem/inference-orchestrator/src/api/routers/__init__.py
• python-ecosystem/inference-orchestrator/src/api/routers/commands.py
• python-ecosystem/inference-orchestrator/src/api/routers/health.py
• python-ecosystem/inference-orchestrator/src/api/routers/review.py
• python-ecosystem/inference-orchestrator/src/inspect_mcp_agent.py
• python-ecosystem/inference-orchestrator/src/llm/llm_factory.py
• python-ecosystem/inference-orchestrator/src/main.py
• python-ecosystem/inference-orchestrator/src/model/__init__.py
• python-ecosystem/inference-orchestrator/src/model/dtos.py
• python-ecosystem/inference-orchestrator/src/model/enrichment.py
• python-ecosystem/inference-orchestrator/src/model/enums.py
• python-ecosystem/inference-orchestrator/src/model/multi_stage.py
• python-ecosystem/inference-orchestrator/src/model/output_schemas.py
• python-ecosystem/inference-orchestrator/src/requirements.txt
• python-ecosystem/inference-orchestrator/src/server/command_queue_consumer.py
• python-ecosystem/inference-orchestrator/src/server/queue_consumer.py
• python-ecosystem/inference-orchestrator/src/server/stdin_handler.py
• python-ecosystem/inference-orchestrator/src/service/__init__.py
• python-ecosystem/inference-orchestrator/src/service/command/__init__.py
• python-ecosystem/inference-orchestrator/src/service/command/command_service.py
• python-ecosystem/inference-orchestrator/src/service/rag/__init__.py
• python-ecosystem/inference-orchestrator/src/service/rag/llm_reranker.py
• python-ecosystem/inference-orchestrator/src/service/rag/rag_client.py
• python-ecosystem/inference-orchestrator/src/service/review/__init__.py
• python-ecosystem/inference-orchestrator/src/service/review/issue_processor.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/__init__.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/agents.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/branch_analysis.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/context_helpers.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/json_utils.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/mcp_tool_executor.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/orchestrator.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/reconciliation.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/stage_0_planning.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/stage_1_file_review.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/stage_2_cross_file.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/stage_3_aggregation.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/stage_helpers.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/stages.py
• python-ecosystem/inference-orchestrator/src/service/review/orchestrator/verification_agent.py
• python-ecosystem/inference-orchestrator/src/service/review/review_service.py
• python-ecosystem/inference-orchestrator/src/tests/test_dependency_graph.py
• python-ecosystem/inference-orchestrator/src/tests/test_llm_reranker.py
• python-ecosystem/inference-orchestrator/src/utils/context_builder.py
• python-ecosystem/inference-orchestrator/src/utils/dependency_graph.py
• python-ecosystem/inference-orchestrator/src/utils/diff_parser.py
• python-ecosystem/inference-orchestrator/src/utils/diff_processor.py
• python-ecosystem/inference-orchestrator/src/utils/error_sanitizer.py
• python-ecosystem/inference-orchestrator/src/utils/file_classifier.py
• python-ecosystem/inference-orchestrator/src/utils/mcp_config.py
• python-ecosystem/inference-orchestrator/src/utils/mcp_pool.py
• python-ecosystem/inference-orchestrator/src/utils/prompt_logger.py
• python-ecosystem/inference-orchestrator/src/utils/prompts/constants_branch.py
• python-ecosystem/inference-orchestrator/src/utils/prompts/constants_mcp.py
• python-ecosystem/inference-orchestrator/src/utils/prompts/constants_shared.py
• python-ecosystem/inference-orchestrator/src/utils/prompts/constants_stage_0.py
• python-ecosystem/inference-orchestrator/src/utils/prompts/constants_stage_1.py
• python-ecosystem/inference-orchestrator/src/utils/prompts/constants_stage_2.py
• python-ecosystem/inference-orchestrator/src/utils/prompts/constants_stage_3.py
• python-ecosystem/inference-orchestrator/src/utils/prompts/prompt_builder.py
• python-ecosystem/inference-orchestrator/src/utils/prompts/prompt_constants.py
• python-ecosystem/inference-orchestrator/src/utils/response_parser.py
• python-ecosystem/inference-orchestrator/src/utils/signature_patterns.py

[codecrow-local]

⚠️ Code Analysis Results

Quality Gate Default Quality Gate: 🔴 FAILED

• HIGH Issues by Severity > 0 (actual: 1) - FAILED
• MEDIUM Issues by Severity > 0 (actual: 2) - FAILED

Summary

Pull Request Review: newrelic preparation for inference-orchestrator.

Status	PASS WITH WARNINGS
Risk Level	MEDIUM
Review Coverage	6 files analyzed in depth
Confidence	HIGH

---

Executive Summary

This PR prepares the inference-orchestrator service for New Relic observability by migrating source code into a src directory and introducing dedicated Docker configurations. While the integration of the New Relic agent is a positive step, the migration has introduced a critical mismatch in the Docker build context and created redundant Dockerfile implementations. The primary risk involves potential CI/CD failures due to broken file paths and inconsistent configuration management.

Recommendation

Decision: PASS WITH WARNINGS

The PR is architecturally sound in intent but requires immediate correction of the docker-compose.yml build context and consolidation of the redundant New Relic Dockerfiles. Addressing the hard dependency on external configuration files is recommended to ensure container portability across environments.

Issues Overview

Severity	Count
🔴 High	1	Critical issues requiring immediate attention
🟡 Medium	2	Issues that should be addressed
🔵 Low	1	Minor issues and improvements
✅ Resolved	1	Resolved issues

---

Analysis completed on 2026-03-06 09:53:01 | View Full Report | Pull Request

---

📋 Detailed Issues (4)

🔴 High Severity Issues

Id on Platform: 3790

Category: 🏗️ Architecture

File: deployment/docker-compose.yml:171

Broken Build Context due to Source Directory Migration

Broken Build Context due to Source Directory Migration
The migration of the inference-orchestrator source code into a 'src' subdirectory has created a mismatch between the Docker build context and the Dockerfile's expectations. The docker-compose.yml now sets the context to './python-ecosystem/inference-orchestrator/src', but the Dockerfile.observable (now inside that src folder) likely expects to find files like requirements.txt or configuration files that might still be at the parent level or were moved without updating the COPY commands relative to the new context.
Evidence: In docker-compose.yml, the context is changed to '.../src'. In Dockerfile.observable, 'COPY requirements.txt .' is called. If requirements.txt was moved into 'src', the context is correct but the Dockerfile is now inside the context it is trying to copy from, which can lead to recursive or pathing errors depending on how the build is invoked.
Business impact: CI/CD pipelines will fail during the image build phase, preventing deployment of the inference-orchestrator.
Also affects: python-ecosystem/inference-orchestrator/src/Dockerfile.observable

💡 Suggested Fix

Ensure the Dockerfile.observable is located at the root of the module (python-ecosystem/inference-orchestrator/) while the source code resides in /src, OR update the docker-compose context to the module root and update the Dockerfile to COPY src/ .

View Issue Details

---

🟡 Medium Severity Issues

Id on Platform: 3792

Category: 🏗️ Architecture

File: .../src/Dockerfile.observable:78

Implicit Runtime Dependency on External New Relic Config

Implicit Runtime Dependency on External New Relic Config
The Dockerfile sets a hard requirement for a configuration file at /app/newrelic.ini via environment variables, but does not include a default version of this file in the image. It relies entirely on external volume mounts or CI initialization scripts.
Evidence: Dockerfile.observable sets the ENV but has no COPY for the .ini file. Existing Implementation #1 and #6 show that this file is expected to be mounted from the host or generated by a shell script.
Business impact: The service will fail to report metrics or potentially fail to start in environments where the server-init.sh has not been run or the volume mount is misconfigured.
Also affects: deployment/docker-compose.prod.yml, deployment/ci/server-init.sh

💡 Suggested Fix

Add a 'newrelic.ini.sample' to the repository and have the Dockerfile COPY a default configuration that can be overridden by volumes if necessary, ensuring the container is 'secure/functional by default'.

View Issue Details

---

Id on Platform: 3793

Category: 🏗️ Architecture

File: .../newrelic/Dockerfile:1

Redundant New Relic Dockerfile Implementation

Redundant New Relic Dockerfile Implementation
The PR introduces a standalone New Relic Dockerfile in 'python-ecosystem/inference-orchestrator/newrelic/Dockerfile' while simultaneously adding New Relic dependencies and configurations to 'python-ecosystem/inference-orchestrator/src/Dockerfile.observable'.
Evidence: Existing Implementation #3 shows a new 5-line Dockerfile just for newrelic-admin, while Implementation #2 adds 'newrelic==11.5.0' to the main requirements.txt. This creates two different ways to containerize the same service's observability layer.
Business impact: Increased maintenance overhead and potential confusion regarding which container image is the authoritative source for production deployments.
Also affects: python-ecosystem/inference-orchestrator/src/Dockerfile.observable

💡 Suggested Fix

Consolidate the New Relic logic. If the goal is to use the New Relic Python agent, keep the changes in Dockerfile.observable and requirements.txt, and remove the redundant 'newrelic/Dockerfile'.

View Issue Details

---

🔵 Low Severity Issues

Id on Platform: 3791

Category: ✨ Best Practices

File: .../src/Dockerfile.observable:18

Inefficient pip install without requirements.txt isolation

The Dockerfile copies requirements.txt and then runs pip install. While this is standard, it's better to ensure that the pip cache is not included in the image (which is done) and that the layer is only rebuilt when requirements change. The current structure is fine, but using a virtual environment or a specific target directory can sometimes improve portability between stages.

💡 Suggested Fix

Consider using a virtual environment in the builder stage and copying the entire environment to the production stage to ensure consistency and isolation.

View Issue Details

---

Files Affected

• deployment/docker-compose.yml: 2 issues
• .../src/Dockerfile.observable: 2 issues
• .../newrelic/Dockerfile: 1 issue