
ci: finalize CodeRabbit review posture, remove Gemini review-bot#6

Merged: jeremylongshore merged 3 commits into main from ci/coderabbit-final-and-noise-cleanup on Jun 19, 2026

Conversation

@jeremylongshore jeremylongshore commented Jun 19, 2026


Finalizes the CI/CD review posture for the IEP umbrella repo. One branch, three workstreams.

WS1 — Remove Gemini (review-bot traces only)

  • Deleted .gemini/ (config.yaml + styleguide.md).
  • Reworded .github/workflows/codeql.yml header: quality/design/correctness review is now CodeRabbit's job (was Gemini), pointing at .coderabbit.yaml (the deleted .gemini/styleguide.md reference is gone).
  • This repo has no FORBIDDEN.md / AGENTS.md, so there are no legitimate forbidden-package or agents.md-CLI gemini refs to keep. git grep -ni gemini is now CLEAN; no .gemini dir remains.

WS2 — Layer-1 lint lanes

This umbrella is a minimal-CI aggregator, not a code repo. The only workflows are codeql.yml, aggregate-changelog.yml, and ecosystem-drift.yml — there are no L1 lint lanes (no lint.yml / doc-quality.yml / typos.yml), no package.json, and no vendored audit-harness. Nothing to de-dup or give teeth to, and no lint lane was invented (no sibling lane here to mirror).

Deterministic local checks pass on the real artifacts:

  • actionlint — clean
  • typos — clean
  • lychee --offline: 0 broken links across README.md + CHANGELOG.md (11 OK, 96 excluded http/mailto/mermaid)

(yamllint default-config 80-char/document-start findings exist but are not gated by any lane here — no yamllint config or workflow in the repo — and CodeRabbit schema configs intentionally exceed 80 chars.)

WS3 — Tuned .coderabbit.yaml

Replaced with the shared validated block (assertive, terse, findings-only; built-in linters disabled so CodeRabbit never re-reports L1; gitleaks stays on) plus umbrella-specific path_instructions for the cross-repo generator scripts (aggregate-changelog.mjs, ecosystem-drift.py): flag silent-no-op / partial-output generators, aggregate non-determinism, fail-open drift checks, absolute /home paths or hardcoded tokens, and README claims the code does not compute.

Notes

  • No harness re-init — this repo vendors no audit-harness (no .harness-hash).
  • CodeRabbit GitHub App install on the intent-solutions-io org is an owner action — this PR ships the config regardless; whether a CodeRabbit check appears is reported separately.

Beads: bd_000-projects-mjt1

Summary by CodeRabbit

  • Chores
    • Updated internal code review and quality assurance tool configurations to streamline development workflows.
    • Removed legacy code review style guide configurations.

WS1 — Remove Gemini review-bot:
- Delete .gemini/ (config.yaml + styleguide.md)
- Reword codeql.yml header: quality review is CodeRabbit's job (was Gemini),
  point at .coderabbit.yaml (was deleted .gemini/styleguide.md)
- No FORBIDDEN.md/AGENTS.md in this repo, so no legitimate gemini keeps remain;
  git grep -ni gemini is now CLEAN

WS2 — L1 lint lanes: this umbrella is a minimal-CI aggregator. Workflows are
codeql.yml + aggregate-changelog.yml + ecosystem-drift.yml only — there are NO
L1 lint lanes (no lint.yml/doc-quality.yml/typos.yml), no package.json, no
vendored audit-harness. Nothing to de-dup or give teeth to. Deterministic
local checks pass on the real artifacts: actionlint clean, typos clean,
lychee --offline 0 broken links across README.md + CHANGELOG.md.

WS3 — Replace .coderabbit.yaml with the shared tuned block (assertive, terse,
findings-only, built-in linters disabled, gitleaks on) + umbrella-specific
path_instructions for the cross-repo generator scripts (aggregate-changelog.mjs,
ecosystem-drift.py): flag silent-no-op/partial-output generators, aggregate
non-determinism, fail-open drift checks, absolute /home paths, and README
claims the code does not compute.

Beads: bd_000-projects-mjt1
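The generator failure modes WS3 asks CodeRabbit to flag, as an added Python example that is not code from the repo's aggregate-changelog.mjs or ecosystem-drift.py: the aggregator fails closed on a missing member instead of emitting partial output, iterates members in sorted order with no embedded timestamp, and the drift check takes its exit authority as an explicit parameter instead of silently exiting 0. The member set, fetcher and changelog texts are constructed for illustration.

```python
"""Added example, not the repo's aggregate-changelog.mjs or ecosystem-drift.py:
the generator failure modes the WS3 path_instructions ask CodeRabbit to flag,
written as a generator that would pass that review. Inputs are constructed."""
from typing import Callable, Mapping

# Constructed stand-in for the "5+1" member set the umbrella fans out over.
MEMBER_REPOS = ("core", "cli", "docs", "schemas", "sdk", "umbrella")


class IncompleteAggregateError(RuntimeError):
    """Raised instead of emitting a partial aggregate that reads as complete."""


def aggregate_changelogs(fetch: Callable[[str], str],
                         members: tuple = MEMBER_REPOS) -> str:
    """Fail closed: every member must yield a changelog, iteration is sorted rather
    than API order, and no timestamp is embedded, so two runs over the same
    inputs produce byte-identical committed output."""
    sections, missing = {}, []
    for repo in sorted(members):
        try:
            text = fetch(repo).strip()
        except (OSError, ValueError) as exc:  # swallowing this is item (1)
            missing.append(f"{repo} ({exc})")
            continue
        if not text:
            missing.append(f"{repo} (empty changelog)")
            continue
        sections[repo] = text
    if missing:
        raise IncompleteAggregateError("missing members: " + ", ".join(missing))
    return "\n\n".join(f"## {repo}\n{sections[repo]}" for repo in sorted(sections))


def check_drift(expected: Mapping[str, str], observed: Mapping[str, str],
                gate: bool) -> tuple:
    """Exit authority is an explicit parameter: an advisory run (the documented
    contract of ecosystem-drift.py) returns 0 with its findings, a gated run
    returns 1 on drift. A gate returning 0 on findings is the fail-open item (3)."""
    findings = [
        f"{name}: expected {expected[name]}, observed {observed.get(name, '<absent>')}"
        for name in sorted(expected) if observed.get(name) != expected[name]
    ]
    return (1 if gate and findings else 0), findings


def sample_fetch(repo: str) -> str:
    """Constructed fetcher: a member without a changelog surfaces as OSError (404)."""
    changelogs = {
        "core": "1.2.0: tightened schema validation",
        "cli": "0.9.0: added drift subcommand",
        "docs": "2026-06: restructured guides",
        "schemas": "v2: widened a closed enum",
        "sdk": "0.1.0: initial release",
        "umbrella": "aggregate regenerated from members",
    }
    if repo not in changelogs:
        raise OSError(f"404 fetching {repo}/CHANGELOG.md")
    return changelogs[repo]
```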
@gemini-code-assist


Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request finalizes the CI/CD review strategy for the umbrella repository by removing legacy Gemini configurations and optimizing the CodeRabbit review posture. The changes ensure that semantic reviews are focused on cross-repo generator scripts while avoiding overlap with existing deterministic linting workflows.

Highlights

  • Gemini Removal: Removed all traces of Gemini review-bot configuration, including the .gemini directory and associated styleguide files.
  • CodeRabbit Configuration: Updated .coderabbit.yaml with a tuned, assertive configuration that disables built-in linters to avoid redundancy with L1 CI and focuses on semantic review for generator scripts.
  • CI/CD Posture: Finalized the review posture for the umbrella repository, ensuring clear separation between deterministic L1 linting, semantic CodeRabbit review, and CodeQL security scanning.
Ignored Files
  • Ignored by pattern: .gemini/** (2)
    • .gemini/config.yaml
    • .gemini/styleguide.md
  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/codeql.yml

coderabbitai Bot commented Jun 19, 2026


Review Change Stack

Warning

Review limit reached

@jeremylongshore, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 37 minutes and 11 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: e5d8b51f-b173-4f63-992b-ca6d369f737a

📥 Commits

Reviewing files that changed from the base of the PR and between f1e8b27 and 4d79347.

📒 Files selected for processing (11)
  • .github/workflows/doc-quality.yml
  • .github/workflows/lint.yml
  • .github/workflows/typos.yml
  • .gitignore
  • .markdownlint-cli2.jsonc
  • .typos.toml
  • .vale.ini
  • .vale/styles/config/vocabularies/IS/accept.txt
  • .vale/styles/config/vocabularies/IS/reject.txt
  • .yamllint
  • lychee.toml

Walkthrough

Removes .gemini/config.yaml and .gemini/styleguide.md entirely and rewrites .coderabbit.yaml with new tone instructions, updated review-behavior toggles, explicit suppression of all built-in linters, revised path filters, and replaced path-specific review instructions targeting generator determinism and CI workflow failure modes. A CodeQL workflow comment is reworded to credit CodeRabbit.

Changes

CodeRabbit Configuration Overhaul

| Layer | File(s) | Summary |
| --- | --- | --- |
| Review behavior flags and CodeQL attribution | .coderabbit.yaml, .github/workflows/codeql.yml | Introduces tone_instructions for terse findings-only output; toggles request_changes_workflow on, collapse_walkthrough on, and disables high_level_summary, review_status, and several other summary flags. Updates the CodeQL workflow header comment to attribute quality/correctness review to CodeRabbit. |
| Built-in linter suppression and path filters | .coderabbit.yaml | Adds a tools block under auto_review that explicitly sets eslint, ruff, markdownlint, yamllint, actionlint, and shellcheck to false. Finalizes the path_filters exclusion list including !pnpm-lock.yaml. |
| Domain-specific path review instructions | .coderabbit.yaml | Replaces prior `**/{schemas,src,python}/**` instructions with two new targets: `**/*.{mjs,js,ts,py}` (generator determinism, stale-output failure modes) and `**/*.{sh,yml,yaml}` (fail-open/no-op CI patterns, @main/@latest pinning, unsafe bash array expansion under `set -u`). |
| Gemini config removal | .gemini/config.yaml, .gemini/styleguide.md | Both files deleted in full, removing all Gemini code-assist settings, ignore patterns, and the repo style guide used by Gemini reviews. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title accurately summarizes the main changes: finalizing CodeRabbit review configuration and removing Gemini review-bot references. It's concise, specific, and clearly reflects the primary objectives across all three workstreams. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@gemini-code-assist gemini-code-assist Bot left a comment



Code Review

This pull request updates the .coderabbit.yaml configuration to transition from Gemini Code Assist to CodeRabbit for semantic AI code reviews, disabling built-in linters in favor of L1 CI tools and adjusting review settings. Feedback on the changes suggests refining the path instructions for JavaScript and Python files to exclude advisory-only reports like ecosystem-drift.py from being flagged for exiting with 0, which would otherwise cause persistent false positives.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread .coderabbit.yaml
Comment on lines +53 to +63
- path: "**/*.{mjs,js,ts,py}"
instructions: >-
Intent Eval Platform kernel review. These artifacts ship in signed
@intentsolutions/core entries that reach a transparency log — a wrong shape is
a one-way door whose cheap-fix window closes at the next git tag. Flag, by
priority: (1) three-way drift between a JSON Schema, its hand-written Zod
validator, and its Pydantic model — required/optional/nullable posture must
match EXACTLY in BOTH directions (optional-not-nullable AND required-but-nullable;
datamodel-code-generator renders a required-nullable field as `T | None = None`,
which wrongly makes the key omittable in Python while AJV/Zod require it). Verify
against the schema `required` array, not the generated default. (2) Cross-artifact
semantic drift — same-named fields with divergent type or meaning across two
schemas (sha256:-prefixed vs bare hex between a reference and its referent;
pre-edit vs post-edit), UNLESS it is a documented layer convention (entities use
bare sha256, in-toto predicates use sha256:-prefixed). (3) A cross-field invariant
stated in prose/$comment/Decision-Record but NOT enforced at all three layers
(JSON-Schema if/then + Zod superRefine + Pydantic model_validator) — an unenforced
invariant on a signed row is a falsified attestation waiting to be notarized.
(4) Lineage that claims tamper-evidence but rests on a reassignable UUID instead
of a content-hash chain. (5) A docblock claiming enforcement the code does not
implement. (6) A non-additive change to a published shape (removed/retyped field,
loosened constraint, widened closed enum) — those need a /v2 + Class-1 ISEDC.
Never edit _generated/* to fix Python parity — use a models.py wrapper subclass.
The umbrella ships cross-repo generator scripts (aggregate-changelog.mjs,
ecosystem-drift.py) that fan out over the member repos. Flag, by priority: (1) a
generator that silently no-ops or emits partial output on a missing/renamed member
repo (a fetch/parse failure swallowed; a repo list that drifts from the real 5+1
set) and renders stale-as-complete. (2) non-determinism that makes the aggregate
output unreproducible (unsorted repo iteration, locale-dependent sort, timestamp in
committed output). (3) a drift-check that fails-open (exits 0 on detected drift). (4)
an absolute /home/jeremy path or a hardcoded token. (5) a claim in the README/aggregate
that the code does not actually compute.
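Review bot: item (1) of the new `**/*.{mjs,js,ts,py}` instructions tells the reviewer to flag a repo list that drifts from "the real 5+1 set" but never says where that set is defined, so there is nothing concrete to compare against; name the file the generators read their member list from inside the instruction. Relatedly, item (3) "a drift-check that fails-open (exits 0 on detected drift)" does not separate a gating check from an advisory report, so a script whose documented contract is to always exit 0 will be flagged on every run; scope (3) to checks whose exit code is consumed as a gate, or state which scripts have exit authority.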



Severity: medium

The instruction to flag a drift-check that exits 0 on detected drift directly conflicts with the design of ecosystem-drift.py, which is explicitly documented to always exit 0 because drift is advisory-only (see scripts/ecosystem-drift.py line 13: ALWAYS exits 0. Drift is advisory; this script has no exit authority.). Instructing CodeRabbit to flag this will result in persistent false positives on every run. We should refine the instruction to exclude advisory-only reports like ecosystem-drift.py.

```yaml
    - path: "**/*.{mjs,js,ts,py}"
      instructions: >-
        The umbrella ships cross-repo generator scripts (aggregate-changelog.mjs,
        ecosystem-drift.py) that fan out over the member repos. Flag, by priority: (1) a
        generator that silently no-ops or emits partial output on a missing/renamed member
        repo (a fetch/parse failure swallowed; a repo list that drifts from the real 5+1
        set) and renders stale-as-complete. (2) non-determinism that makes the aggregate
        output unreproducible (unsorted repo iteration, locale-dependent sort, timestamp in
        committed output). (3) a drift-check that fails-open (except for advisory-only reports like ecosystem-drift.py which are designed to always exit 0). (4)
        an absolute /home/jeremy path or a hardcoded token. (5) a claim in the README/aggregate
        that the code does not actually compute.
```

… typos)

The umbrella repo had no Layer-1 lint lanes — only codeql + the two generator
workflows. This brings it to the same L1 standard as intent-eval-core, mirroring
that repo's lint.yml / doc-quality.yml / typos.yml and their configs.

Lanes (all with teeth — no continue-on-error except the advisory Vale lane):
- lint.yml: yamllint --strict (warnings fail) + actionlint fail_level: error,
  over .github/ + ecosystem.json. Config at repo-root .yamllint (umbrella has no
  .audit-harness/ vendor dir, so policy lives at the root).
- doc-quality.yml: markdownlint-cli2-action@v17 + Vale (advisory) + lychee
  --offline with fail: true.
- typos.yml: crate-ci/typos@v1.47.2, config auto-discovered from .typos.toml.

Configs (copied/adapted from intent-eval-core):
- .yamllint, .markdownlint-cli2.jsonc, lychee.toml (no [cache] table),
  .typos.toml (IEP terms: iec/iel/iah/iar/iaj, sops/sigstore/rekor/zod, cmo,
  unparseable), .vale.ini + vendored .vale/ IS vocab.
- .gitignore: guard .lycheecache dotfile.

No package.json in the umbrella, so the lanes are pure GitHub-Action workflows
(no npm/ESLint/Prettier lane). All five tools pass clean locally:
yamllint(0) actionlint(0) typos(0) lychee(0) markdownlint-cli2(0).

- Jeremy Longshore
intentsolutions.io
…status

The reviewdog/action-actionlint github-pr-check reporter leaves a zero-findings
run stuck at status=in_progress (conclusion=success but never "completed"),
which surfaces as a permanently-pending required check in `gh pr checks`.

Invoke the actionlint binary directly via its official installer instead — the
binary's non-zero exit on any error IS the gate (same teeth as fail_level:error),
and the job's own exit code drives a terminal completed/failure check status.

- Jeremy Longshore
intentsolutions.io
@jeremylongshore jeremylongshore merged commit cca23c6 into main Jun 19, 2026
10 checks passed
@jeremylongshore jeremylongshore deleted the ci/coderabbit-final-and-noise-cleanup branch June 19, 2026 02:54
