feat: ft_launcher integration of log analysis for restart decisions

[namitdhameja]

Integrates log analysis attribution into the fault-tolerance restart decision on the TCPStore host.
Modes: mcp (MCP subprocess; when FR is discovered, uses combined log_fr_analyzer), url (HTTP attrsvc).
CLI (representative): --ft-attribution-loganalysis, --ft-attribution-timeout, --ft-attribution-dry-run, --ft-slack-channel, --ft-slack-token-file, --ft-dataflow-index.

[greptile-apps]

Greptile Summary

This PR integrates log-analysis attribution (MCP subprocess via LogSage and HTTP URL backends) into the fault-tolerance launcher's restart decision, replacing the former single attrsvc client. It adds ft_attribution.py, SlackConfig, AttributionRunConfig, CLI flags, and wires them through FtRendezvousBarrierHandler.

• P1/Security (new, verified): FaultToleranceConfig.to_yaml_file uses dataclasses.asdict which serializes SlackConfig verbatim, writing the resolved auth value in cleartext to the saved YAML file. Use SlackConfig.to_dict() with the redacted mode for the slack key before dumping.
• Several issues flagged in prior review rounds remain unresolved — see previous thread comments for --ft-attribution-timeout default=60 overriding YAML, _invoke_run_with_min_healthy_policy bypassing attribution, env-var Slack fallback being disabled, and the Slack credential logged via rdzv_configs at INFO startup.

Confidence Score: 3/5

Multiple unresolved P1/security issues from prior review rounds plus a new P1 credential-leak in to_yaml_file make this unsafe to merge without fixes.

Score of 3 reflects one new confirmed P1/security finding (to_yaml_file credential exposure), plus several unresolved prior-review P1 and P0 issues affecting correctness and security.

src/nvidia_resiliency_ext/fault_tolerance/config.py (to_yaml_file credential leak), src/nvidia_resiliency_ext/fault_tolerance/launcher.py (timeout default, min-healthy bypass, credential in rdzv_configs log)

Security Review

• to_yaml_file credential leak (config.py:447): dataclasses.asdict bypasses SlackConfig's redacted serialization path, writing the resolved Slack auth value in cleartext to any YAML config file produced by to_yaml_file.
• Slack auth value in startup logs (launcher.py:1882, unresolved from prior review): config.rdzv_configs is logged at INFO on startup; when attribution is configured with Slack, AttributionRunConfig.to_dict serializes the auth value into that dict, exposing it in every launcher startup log entry.

Important Files Changed

Filename	Overview
src/nvidia_resiliency_ext/fault_tolerance/ft_attribution.py	New file: multi-backend attribution client for MCP and HTTP URL backends.
src/nvidia_resiliency_ext/fault_tolerance/config.py	Adds SlackConfig dataclass; to_yaml_file exposes auth field via dataclasses.asdict (P1/security).
src/nvidia_resiliency_ext/fault_tolerance/launcher.py	Major rework; unresolved issues: timeout default, min-healthy bypass, credential logging.
src/nvidia_resiliency_ext/fault_tolerance/ft_rendezvous_barrier.py	Replaces AttributionService with LogAnalysisClient; adds rollback and timing support.
src/nvidia_resiliency_ext/attribution/log_analyzer/runner.py	Adds notify_log_path_sync and extends run_log_analysis_sync with new kwargs.
src/nvidia_resiliency_ext/attribution/api_keys.py	Renames load_nvidia_api_key to load_llm_api_key and updates env var names.
tests/attribution/unit/test_api_keys.py	Tests updated for renamed function and new LLM_API_KEY_FILE file-read case.

Sequence Diagram

sequenceDiagram
    participant L as Launcher (store host)
    participant P as Healthy Peers
    participant A as Attribution Backends (MCP / HTTP)
    participant R as RendezvousBarrier

    L->>R: _increment_peer_aborted_count()
    P-->>R: observe peer_aborted_increased=True
    P->>P: _handle_restart_decision (notify_peer=False)
    L->>A: should_stop(cycle_log_file) [parallel fetch]
    alt Attribution says STOP
        A-->>L: True
        L->>R: _undo_peer_abort_notify() [best-effort]
        L->>R: set_permanently_closed()
        L->>L: _graceful_stop_requested=True
        P->>R: next_rendezvous() → RendezvousClosedError
    else Attribution says RESTART
        A-->>L: False
        L->>R: _open_rendezvous_for_restart()
        L->>L: _restart_workers()
        P->>R: next_rendezvous() → joins new round
    end

Loading

Comments Outside Diff (1)

1. src/nvidia_resiliency_ext/fault_tolerance/config.py, line 447-451 (link)

   to_yaml_file writes SlackConfig auth field in cleartext

   dataclasses.asdict(self) recursively serializes all nested dataclasses verbatim — including SlackConfig. If the Slack auth value was loaded from a path file by FaultToleranceConfig.from_args, the resolved string appears in the saved YAML in cleartext, turning a secure file-reference into an inline credential on disk.

   The fix is to replace the slack entry in the intermediate dict with the result of SlackConfig.to_dict() using the redacted mode (presence flag, not raw value) before calling yaml.dump.

_{Reviews (12): Last reviewed commit: "graceful_stop_requested" | Re-trigger Greptile}

[greptile-apps]

min-healthy crashes with barrier rendezvous

_invoke_run_with_min_healthy_policy calls rdzv_handler.try_set_worker_state (line 783) and rdzv_handler.get_worker_states (line 793), but FtRendezvousBarrierHandler implements neither — they exist only on FtRendezvousHandler (legacy). Any user who sets --ft-restart-policy min-healthy --ft-rdzv-impl barrier will get an AttributeError at the first worker failure. There is no validation or early error to prevent or warn about this combination.

[greptile-apps]

server_log_fd never closed in the parent process

server_log_fd is opened at line 3543 and passed to Popen, but the parent-side Python file object is never explicitly closed. The comment on line 3565 ("will be closed when server_process terminates") is incorrect — the subprocess only inherits a copy of the OS fd; the parent's Python object stays open until GC. The previous code used a try/finally to close it immediately after Popen:

server_log_fd = open(grpc_server_log, 'w')
try:
    server_process = subprocess.Popen(
        [...],
        stdout=server_log_fd,
        stderr=subprocess.STDOUT,
    )
finally:
    server_log_fd.close()
return server_process

[greptile-apps]

URL path silently lowercased before storage

v = val.strip().lower() and then _validate_attribution_url(v) — the full input including any URL path is lowercased. A URL like http://host:8000/My-API is silently stored as http://host:8000/my-api. The .lower() is only needed for the "lib"/"mcp" mode comparisons; original case should be preserved for the URL:

Suggested change

	v = val.strip().lower()
	if v == "lib":
	return cls(
	mode="lib",
	timeout_seconds=timeout_seconds,
	slack=slack,
	dataflow_index=dataflow_index,
	)
	if v == "mcp":
	return cls(
	mode="mcp",
	timeout_seconds=timeout_seconds,
	slack=slack,
	dataflow_index=dataflow_index,
	)
	url = _validate_attribution_url(v)
	v = val.strip().lower()
	if v == "lib":
	return cls(
	mode="lib",
	timeout_seconds=timeout_seconds,
	slack=slack,
	dataflow_index=dataflow_index,
	)
	if v == "mcp":
	return cls(
	mode="mcp",
	timeout_seconds=timeout_seconds,
	slack=slack,
	dataflow_index=dataflow_index,
	)
	url = _validate_attribution_url(val.strip())

[greptile-apps]

Tip:

Greploop — Automatically fix all review issues by running /greploops in Claude Code. It iterates: fix, push, re-review, repeat until 5/5 confidence.

Use the Greptile plugin for Claude Code to query reviews, search comments, and manage custom context directly from your terminal.

[greptile-apps]

default=60 silently overrides YAML attribution_timeout_seconds

--ft-attribution-timeout uses default=60, so getattr(args, "ft_attribution_timeout_seconds", None) always returns 60 (never None). In FaultToleranceConfig.from_args, the if val is not None: guard treats this as an explicit CLI value and overwrites whatever was loaded from YAML. A user who sets attribution_timeout_seconds: 120 in their config file will always get 60 seconds instead.

All other FT timeout CLI args (e.g. --ft-initial-rank-heartbeat-timeout, --ft-rank-heartbeat-timeout) correctly use default=None to avoid this problem.

Suggested change

	parser.add_argument(
	"--ft-attrsvc-port",
	"--ft_attrsvc_port",
	"--ft-attribution-timeout",
	"--ft_attribution_timeout",
	type=int,
	default=60,
	dest="ft_attribution_timeout_seconds",
	help="Attribution wait/timeout in seconds; skip result if exceeded (default: 60).",
	parser.add_argument(
	"--ft-attribution-timeout",
	"--ft_attribution_timeout",
	type=int,
	default=None,
	dest="ft_attribution_timeout_seconds",
	help="Attribution wait/timeout in seconds; skip result if exceeded (default: 60).",
	)

[greptile-apps]

Rendezvous opened and peers notified before attribution decision

_open_rendezvous_for_restart() and _increment_peer_aborted_count() are called unconditionally at lines 617–619, before _run_attribution() is checked at line 622. If attribution returns True ("do not restart"), this function returns False (line 632) — but the rendezvous round is already open and peers have been told to expect an imminent restart.

The consequence: peers see peer_aborted_count > 0 and enter _handle_restart_decision(open_rendezvous=False), decide to restart, and attempt to join a rendezvous this node will never complete. If enough peers survive, training restarts on a subset of nodes despite attribution explicitly saying "stop". If not enough peers survive, the rendezvous stalls until timeout.

The original code (before this PR) correctly placed peer notification and rendezvous opening inside the self._remaining_restarts > 0 branch, i.e., only after all "should we restart?" checks passed. The fix is to defer these side effects until after attribution and progress checks confirm a restart will actually happen.

[greptile-apps]

min-healthy policy silently bypasses attribution

_invoke_run_with_min_healthy_policy restarts directly via _open_rendezvous_for_restart() + _restart_workers() without calling _handle_restart_decision() or _run_attribution(). Any user who configures attribution_backends with --ft-restart-policy min-healthy will get attribution silently ignored on every restart — the analysis runs, but its "do not restart" signal is never acted upon.

The fix is to call _handle_restart_decision here just as _invoke_run_with_any_failed_policy does, or at minimum call _run_attribution() and respect its result before proceeding with the restart.

[greptile-apps]

Env-var Slack fallback silently disabled

_init_backends always calls configure(slack_bot_token="", ...) when no Slack config is set via CLI/YAML. Reading postprocessing/config.py, configure simply writes its arguments directly into the module-level singleton — passing an empty string sets config.slack_bot_token = "" and the env-var lookup is never triggered. The documented promise that Slack bot-token env vars are consulted as a fallback when --ft-slack-token-file is absent is therefore broken.

The module already provides configure_from_env, which treats a None argument as "not supplied — load from environment" while any non-None value is used as-is. The fix is to call configure_from_env instead of configure, passing None for the token/channel fields when they were not explicitly configured.

[greptile-apps]

Slack credential logged in plaintext at job startup

attribution_cfg.to_dict() embeds the raw Slack notification credential in the rendezvous config dict (via SlackConfig.to_dict called with secrets included). That dict is then printed at INFO level in launch_agent (line 1694), so every SLURM job log exposes the credential in plain text.

Since FtRendezvousBarrierHandler and LogAnalysisClient run in the same process as the launcher, the raw credential does not need to travel through the rendezvous config dict at all. The fix is to store only the credential file path there and have the handler read the file directly — a pattern already supported by SlackConfig.from_dict.

[greptile-apps]

Greptile encountered an error while reviewing this PR. Please reach out to support@greptile.com for assistance.