[https://nvbugs/5883590][fix] Generate HMAC key for MGMN IPC server in disaggregated serving

[yibinl-nvidia]

Summary by CodeRabbit

• Bug Fixes
  • Enhanced inter-process communication security by implementing HMAC key authentication for proxy process interactions in the launcher.

Description

Test Coverage

PR Checklist

Please review the following before submitting your PR:

• PR description clearly explains what and why. If using CodeRabbit's summary, please make sure it makes sense.

• PR Follows TRT-LLM CODING GUIDELINES to the best of your knowledge.

• Test cases are provided for new code paths (see test instructions)

• Any new dependencies have been scanned for license and vulnerabilities

• CODEOWNERS updated if ownership changes

• Documentation updated as needed

• Update tava architecture diagram if there is a significant design change in PR.

• The reviewers assigned automatically/manually are appropriate for the PR.

• Please check this after reviewing the above items as appropriate for this PR.

GitHub Bot Help

To see a list of available CI bot commands, please comment /bot help.

[yibinl-nvidia]

@Superjomn could you also help to review this PR, thanks.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added HMAC key generation and authentication to the disaggregated leader's proxy process launch. A fresh hex HMAC key is generated and passed to the forked proxy process via an environment variable, with corresponding validation assertions added to ensure the key is present during subprocess initialization.

Changes

Cohort / File(s)	Summary
HMAC Key Generation for Proxy Process tensorrt_llm/commands/serve.py	Added secrets import and modified _launch_disaggregated_leader to generate a hex HMAC key and pass it to the proxy process via TLLM_SPAWN_PROXY_PROCESS_IPC_HMAC_KEY environment variable. Updated assertions to validate key presence during subprocess launch.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description contains only the template with unfilled placeholder sections (Description, Test Coverage) and no substantive explanation of the changes, rationale, or test coverage.	Fill in the Description section explaining the issue and solution, and provide Test Coverage section listing relevant tests that safeguard the changes.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: generating an HMAC key for MGMN IPC server in disaggregated serving, which matches the code modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tensorrt_llm/commands/serve.py`:
- Around line 1302-1304: The HMAC env assignment line is improperly formatted
causing yapf/CI failure; update the statement that sets
LlmLauncherEnvs.TLLM_SPAWN_PROXY_PROCESS_IPC_HMAC_KEY.value to use normal Python
formatting (e.g., a single continuous assignment line) and run the repository
formatter/pre-commit (yapf) so the change is committed; locate the assignment
referencing LlmLauncherEnvs.TLLM_SPAWN_PROXY_PROCESS_IPC_HMAC_KEY in serve.py
and reformat it, then run pre-commit or yapf and commit the resulting formatting
changes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f1822b6b-b2f9-4969-924c-2350c8fa6310

📥 Commits

Reviewing files that changed from the base of the PR and between b427d3b and 5a1ac79.

📒 Files selected for processing (1)

• tensorrt_llm/commands/serve.py

[yibinl-nvidia]

/bot run

[tensorrt-cicd]

PR_Github #41573 [ run ] triggered by Bot. Commit: 302077e Link to invocation

[tensorrt-cicd]

PR_Github #41573 [ run ] completed with state SUCCESS. Commit: 302077e
/LLM/main/L0_MergeRequest_PR pipeline #32484 completed with status: 'FAILURE'

CI Report

⚠️ Action Required:

• Please check the failed tests and fix your PR
• If you cannot view the failures, ask the CI triggerer to share details
• Once fixed, request an NVIDIA team member to trigger CI again

Link to invocation

[yibinl-nvidia]

/bot run --disable-fail-fast

[tensorrt-cicd]

PR_Github #41687 [ run ] triggered by Bot. Commit: 302077e Link to invocation

[tensorrt-cicd]

PR_Github #41687 [ run ] completed with state SUCCESS. Commit: 302077e
/LLM/main/L0_MergeRequest_PR pipeline #32589 completed with status: 'FAILURE'

CI Report

⚠️ Action Required:

• Please check the failed tests and fix your PR
• If you cannot view the failures, ask the CI triggerer to share details
• Once fixed, request an NVIDIA team member to trigger CI again

Link to invocation

[yibinl-nvidia]

/bot run

[tensorrt-cicd]

PR_Github #41847 [ run ] triggered by Bot. Commit: 302077e Link to invocation

[tensorrt-cicd]

PR_Github #41847 [ run ] completed with state SUCCESS. Commit: 302077e
/LLM/main/L0_MergeRequest_PR pipeline #32716 completed with status: 'SUCCESS'

CI Report

Link to invocation

[Superjomn]

LGTM