ci(review-bots): on-demand, non-redundant Qodo + CodeRabbit split

[dotMavriQ]

What

Reworks the two AI review bots into non-overlapping, on-demand specialists — cutting token burn, stopping the per-PR "paused/quota" spam, and assigning each tool the lane it's documented to be best at.

Topology

Layer	Owner
PHP: bugs, security-in-code, N+1/query cost, Octane safety, Laravel 12 / Livewire 3 idiom, tests, /improve suggestions	Qodo (.pr_agent.toml) — highest measured bug-detection F1; multi-agent + RAG; /improve is its signature
Blade a11y / WCAG 2.2 AA / Core Web Vitals / theme tokens, walkthrough + sequence diagrams, secret/SAST scan	CodeRabbit (.coderabbit.yaml) — best at readable summaries + reading the rendered HTML/CSS
Style / PSR-12 / static analysis	CI (Pint + PHPStan-max + Rector, blocking)

Each config explicitly defers the other two lanes, so the bots don't double-report.

Redundancy removed

• Dropped CodeRabbit phpstan / phpcodesniffer / phpmd — CI already runs these, blocking. Kept only what CI lacks (gitleaks, trufflehog, semgrep, actionlint, yamllint, markdownlint).
• N+1 / query-perf is now Qodo-only; CodeRabbit keeps rendered-output CWV only.
• Architecture/idiom rules consolidated into a single best_practices.md (Qodo's /improve mechanism).

Spam control

• Both bots on-demand: CodeRabbit auto_review.enabled: false; Qodo pr_commands = []. Nothing posts until invoked (/review, /improve, or @coderabbitai review).
• CodeRabbit review_status: false suppresses the "review skipped/paused/quota" status comment. poem / suggested_reviewers / related_prs off to trim walkthrough filler.

Note: the "paused for this user" seat notice and the free-tier large-PR cap are account-side (app.coderabbit.ai / app.qodo.ai) and can't be fixed from the repo — but on-demand triggering stops them from appearing on every PR.

Also

• Reframed the stale /teal subpath rule as APP_URL-portable URL generation (prod is now the teal.dotmavriq.life subdomain).
• Un-ignored best_practices.md (blanket *.md ignore) so Qodo can read it.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation

  • Added comprehensive coding standards and best practices guide for the development team.

• Chores

  • Updated development configuration and review policies.

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[coderabbitai]

Looking for one thing? Review this PR in Change Stack to search files, summaries, diffs, and code without losing your place.

Warning

Ignoring CodeRabbit configuration file changes. For security, only the configuration from the base branch is applied for open source repositories.

Note

.coderabbit.yaml has unrecognized properties

CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.

⚠️ Parsing warnings (1)

Validation error: Unrecognized key: "tools"

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: bcae2ce6-717e-4abd-a0d1-251484edbfed

📥 Commits

Reviewing files that changed from the base of the PR and between d669b65 and 68636d4.

📒 Files selected for processing (4)

• .coderabbit.yaml
• .gitignore
• .pr_agent.toml
• best_practices.md

---

📝 Walkthrough

Walkthrough

TEAL establishes a project standards document and shifts automated and on-demand review governance from full-stack PHP checks to presentation-layer, correctness, and test-focused policies. CodeRabbit now reviews Blade/CSS/assets for accessibility and Core Web Vitals instead of PHP logic; PR-Agent focuses suggestions on Laravel/Livewire correctness, security, and query efficiency.

Changes

Project Standards and Review Policy

Layer / File(s)	Summary
Project coding standards foundation best_practices.md	Non-negotiable architecture rules (no controllers, Livewire 3 safety, module boundaries), multi-tenancy and authorization patterns, performance code practices, external API connector discipline, data/schema conventions, and coding/testing expectations define TEAL's baseline.
CodeRabbit presentation-layer review policy .coderabbit.yaml	CodeRabbit scope shifts from full-stack PHP guidance to browser-received output: Blade/CSS/assets reviewed for WCAG 2.2 AA, Core Web Vitals, Livewire form safety, and image optimization; PHP logic, security scanning, tests, and style formatting explicitly out of scope. PHP static analysis tools disabled; auto-review turned off.
PR-Agent on-demand review configuration .pr_agent.toml	PR-Agent configured for manual, on-demand PR analysis requiring security/tests/split-ability checks and scoring, with code suggestions capped and focused on Laravel 12/Livewire 3/Octane correctness, query efficiency, auth/policy, and test coverage; presentation, CWV, and pure formatting explicitly excluded.
Configuration maintenance .gitignore	.gitignore adds best_practices.md to ignored files.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

📋 Standards written clear,
Two reviewers now appear—
One eyes the screen's glow,
One checks the logic flow,
Presentation and correctness near! 🎭✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly describes the main change: reconfiguring review bots (Qodo and CodeRabbit) into non-overlapping, on-demand specialists to reduce redundancy.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/review-bots-on-demand

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}