ci: finalize CodeRabbit review posture, remove Gemini review-bot#6
WS1 — Remove Gemini review-bot:
- Delete .gemini/ (config.yaml + styleguide.md)
- Reword codeql.yml header: quality review is CodeRabbit's job (was Gemini), point at .coderabbit.yaml (was deleted .gemini/styleguide.md)
- No FORBIDDEN.md/AGENTS.md in this repo, so no legitimate gemini keeps remain; git grep -ni gemini is now CLEAN

WS2 — L1 lint lanes: this umbrella is a minimal-CI aggregator. Workflows are codeql.yml + aggregate-changelog.yml + ecosystem-drift.yml only — there are NO L1 lint lanes (no lint.yml/doc-quality.yml/typos.yml), no package.json, no vendored audit-harness. Nothing to de-dup or give teeth to. Deterministic local checks pass on the real artifacts: actionlint clean, typos clean, lychee --offline 0 broken links across README.md + CHANGELOG.md.

WS3 — Replace .coderabbit.yaml with the shared tuned block (assertive, terse, findings-only, built-in linters disabled, gitleaks on) + umbrella-specific path_instructions for the cross-repo generator scripts (aggregate-changelog.mjs, ecosystem-drift.py): flag silent-no-op/partial-output generators, aggregate non-determinism, fail-open drift checks, absolute /home paths, and README claims the code does not compute.

Beads: bd_000-projects-mjt1
Summary of Changes (Gemini Code Assist)
Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request finalizes the CI/CD review strategy for the umbrella repository by removing legacy Gemini configurations and optimizing the CodeRabbit review posture. The changes ensure that semantic reviews are focused on cross-repo generator scripts while avoiding overlap with existing deterministic linting workflows.
Warning: Review limit reached (CodeRabbit). More reviews will be available in 37 minutes and 11 seconds.
Review info: Configuration used: Path: .coderabbit.yaml; Review profile: ASSERTIVE; Plan: Pro; Files selected for processing: 11.
Walkthrough: Changes: CodeRabbit Configuration Overhaul.
Estimated code review effort: 2 (Simple), ~10 minutes. Pre-merge checks: 5 passed.
Code Review
This pull request updates the .coderabbit.yaml configuration to transition from Gemini Code Assist to CodeRabbit for semantic AI code reviews, disabling built-in linters in favor of L1 CI tools and adjusting review settings. Feedback on the changes suggests refining the path instructions for JavaScript and Python files to exclude advisory-only reports like ecosystem-drift.py from being flagged for exiting with 0, which would otherwise cause persistent false positives.
Important: The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| - path: "**/*.{mjs,js,ts,py}" | ||
| instructions: >- | ||
| Intent Eval Platform kernel review. These artifacts ship in signed | ||
| @intentsolutions/core entries that reach a transparency log — a wrong shape is | ||
| a one-way door whose cheap-fix window closes at the next git tag. Flag, by | ||
| priority: (1) three-way drift between a JSON Schema, its hand-written Zod | ||
| validator, and its Pydantic model — required/optional/nullable posture must | ||
| match EXACTLY in BOTH directions (optional-not-nullable AND required-but-nullable; | ||
| datamodel-code-generator renders a required-nullable field as `T | None = None`, | ||
| which wrongly makes the key omittable in Python while AJV/Zod require it). Verify | ||
| against the schema `required` array, not the generated default. (2) Cross-artifact | ||
| semantic drift — same-named fields with divergent type or meaning across two | ||
| schemas (sha256:-prefixed vs bare hex between a reference and its referent; | ||
| pre-edit vs post-edit), UNLESS it is a documented layer convention (entities use | ||
| bare sha256, in-toto predicates use sha256:-prefixed). (3) A cross-field invariant | ||
| stated in prose/$comment/Decision-Record but NOT enforced at all three layers | ||
| (JSON-Schema if/then + Zod superRefine + Pydantic model_validator) — an unenforced | ||
| invariant on a signed row is a falsified attestation waiting to be notarized. | ||
| (4) Lineage that claims tamper-evidence but rests on a reassignable UUID instead | ||
| of a content-hash chain. (5) A docblock claiming enforcement the code does not | ||
| implement. (6) A non-additive change to a published shape (removed/retyped field, | ||
| loosened constraint, widened closed enum) — those need a /v2 + Class-1 ISEDC. | ||
| Never edit _generated/* to fix Python parity — use a models.py wrapper subclass. | ||
| The umbrella ships cross-repo generator scripts (aggregate-changelog.mjs, | ||
| ecosystem-drift.py) that fan out over the member repos. Flag, by priority: (1) a | ||
| generator that silently no-ops or emits partial output on a missing/renamed member | ||
| repo (a fetch/parse failure swallowed; a repo list that drifts from the real 5+1 | ||
| set) and renders stale-as-complete. (2) non-determinism that makes the aggregate | ||
| output unreproducible (unsorted repo iteration, locale-dependent sort, timestamp in | ||
| committed output). (3) a drift-check that fails-open (exits 0 on detected drift). (4) | ||
| an absolute /home/jeremy path or a hardcoded token. (5) a claim in the README/aggregate | ||
| that the code does not actually compute. |
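Review bot: item (4) of the umbrella paragraph hardcodes the literal `/home/jeremy`, and item (1) hardcodes the member count as "the real 5+1 set", so the config file now contains the exact string the rule tells the reviewer to flag and a magic number that goes stale silently when a member repo is added or removed; the PR description phrases the same rule as "absolute /home paths", so `an absolute /home/<user> path` here would match it, and pointing at the repo list the generators actually read (rather than a count) would keep the instruction from drifting. Separately, the kernel-review paragraph (signed @intentsolutions/core entries, JSON Schema/Zod/Pydantic parity, `_generated/*`, /v2 + ISEDC) sits under the same `**/*.{mjs,js,ts,py}` glob as the umbrella paragraph, while the description states this umbrella has no package.json and only the two generator scripts; if that paragraph is meant to stay, the two numbered priority lists should be split into separate path entries so their (1)..(6) and (1)..(5) numbering does not collide in a single instruction string.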
The instruction to flag a drift-check that exits 0 on detected drift directly conflicts with the design of ecosystem-drift.py, which is explicitly documented to always exit 0 because drift is advisory-only (see scripts/ecosystem-drift.py line 13: ALWAYS exits 0. Drift is advisory; this script has no exit authority.). Instructing CodeRabbit to flag this will result in persistent false positives on every run. We should refine the instruction to exclude advisory-only reports like ecosystem-drift.py.
- path: "**/*.{mjs,js,ts,py}"
instructions: >-
The umbrella ships cross-repo generator scripts (aggregate-changelog.mjs,
ecosystem-drift.py) that fan out over the member repos. Flag, by priority: (1) a
generator that silently no-ops or emits partial output on a missing/renamed member
repo (a fetch/parse failure swallowed; a repo list that drifts from the real 5+1
set) and renders stale-as-complete. (2) non-determinism that makes the aggregate
output unreproducible (unsorted repo iteration, locale-dependent sort, timestamp in
committed output). (3) a drift-check that fails-open (except for advisory-only reports like ecosystem-drift.py which are designed to always exit 0). (4)
an absolute /home/jeremy path or a hardcoded token. (5) a claim in the README/aggregate
that the code does not actually compute.

Commit message (title truncated): …typos)
The umbrella repo had no Layer-1 lint lanes — only codeql + the two generator workflows. This brings it to the same L1 standard as intent-eval-core, mirroring that repo's lint.yml / doc-quality.yml / typos.yml and their configs.
Lanes (all with teeth — no continue-on-error except the advisory Vale lane):
- lint.yml: yamllint --strict (warnings fail) + actionlint fail_level: error, over .github/ + ecosystem.json. Config at repo-root .yamllint (umbrella has no .audit-harness/ vendor dir, so policy lives at the root).
- doc-quality.yml: markdownlint-cli2-action@v17 + Vale (advisory) + lychee --offline with fail: true.
- typos.yml: crate-ci/typos@v1.47.2, config auto-discovered from .typos.toml.
Configs (copied/adapted from intent-eval-core):
- .yamllint, .markdownlint-cli2.jsonc, lychee.toml (no [cache] table), .typos.toml (IEP terms: iec/iel/iah/iar/iaj, sops/sigstore/rekor/zod, cmo, unparseable), .vale.ini + vendored .vale/ IS vocab.
- .gitignore: guard .lycheecache dotfile.
No package.json in the umbrella, so the lanes are pure GitHub-Action workflows (no npm/ESLint/Prettier lane). All five tools pass clean locally: yamllint(0) actionlint(0) typos(0) lychee(0) markdownlint-cli2(0).
- Jeremy Longshore intentsolutions.io
Commit message (title truncated): …status
The reviewdog/action-actionlint github-pr-check reporter leaves a zero-findings run stuck at status=in_progress (conclusion=success but never "completed"), which surfaces as a permanently-pending required check in `gh pr checks`. Invoke the actionlint binary directly via its official installer instead — the binary's non-zero exit on any error IS the gate (same teeth as fail_level:error), and the job's own exit code drives a terminal completed/failure check status.
- Jeremy Longshore intentsolutions.io
Finalizes the CI/CD review posture for the IEP umbrella repo. One branch, three workstreams.
WS1 — Remove Gemini (review-bot traces only)
- .gemini/ (config.yaml + styleguide.md): removed.
- .github/workflows/codeql.yml header: quality/design/correctness review is now CodeRabbit's job (was Gemini), pointing at .coderabbit.yaml (the deleted .gemini/styleguide.md reference is gone).
- No FORBIDDEN.md/AGENTS.md, so there are no legitimate forbidden-package or agents.md-CLI gemini refs to keep.
- git grep -ni gemini is now CLEAN; no .gemini dir remains.

WS2 — Layer-1 lint lanes
This umbrella is a minimal-CI aggregator, not a code repo. The only workflows are codeql.yml, aggregate-changelog.yml, and ecosystem-drift.yml — there are no L1 lint lanes (no lint.yml/doc-quality.yml/typos.yml), no package.json, and no vendored audit-harness. Nothing to de-dup or give teeth to, and no lint lane was invented (no sibling lane here to mirror).

Deterministic local checks pass on the real artifacts:
- actionlint — clean
- typos — clean
- lychee --offline — 0 broken links across README.md + CHANGELOG.md (11 OK, 96 excluded http/mailto/mermaid)

(yamllint default-config 80-char/document-start findings exist but are not gated by any lane here — no yamllint config or workflow in the repo — and CodeRabbit schema configs intentionally exceed 80 chars.)
WS3 — Tuned .coderabbit.yaml

Replaced with the shared validated block (assertive, terse, findings-only; built-in linters disabled so CodeRabbit never re-reports L1; gitleaks stays on) plus umbrella-specific path_instructions for the cross-repo generator scripts (aggregate-changelog.mjs, ecosystem-drift.py): flag silent-no-op / partial-output generators, aggregate non-determinism, fail-open drift checks, absolute /home paths or hardcoded tokens, and README claims the code does not compute.

Notes
- … .harness-hash).
- intent-solutions-io org is an owner action — this PR ships the config regardless; whether a CodeRabbit check appears is reported separately.

Beads: bd_000-projects-mjt1
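As an added example (not code from the umbrella repo, and not its aggregate-changelog.mjs or ecosystem-drift.py), the Python sketch below shows the three generator failure modes the umbrella path_instructions ask CodeRabbit to flag, plus the advisory-versus-gating exit-code distinction raised in the review comment: a fetch step that fails closed on a missing or renamed member repo instead of rendering partial output as complete, drift detection that iterates in sorted order and renders timestamp-free JSON so the committed artifact is reproducible, and an explicit advisory flag so that "always exits 0" is a declared design choice rather than an accidental fail-open. The member names, versions, and the EXPECTED_MEMBERS tuple are constructed; all function names are hypothetical.

```python
"""Added example: a minimal cross-repo drift checker illustrating the
failure modes named in the umbrella .coderabbit.yaml path_instructions.
It is not the umbrella repo's own generator; all data is constructed."""
from __future__ import annotations

import json

# Constructed stand-in for the member-repo set a generator fans out over.
# In a real generator this list would come from the repo manifest the
# scripts read, never from a hardcoded count such as "5+1".
EXPECTED_MEMBERS = ("repo-a", "repo-b", "repo-c")


class MissingMember(Exception):
    """Raised instead of silently skipping a member that could not be fetched."""


def fetch_versions(available: dict[str, str]) -> dict[str, str]:
    """Collect the published version of every expected member.

    Fails closed: a member absent from `available` (renamed, deleted, or a
    swallowed fetch/parse error upstream) raises rather than producing a
    partial aggregate that reads as complete.
    """
    missing = [m for m in EXPECTED_MEMBERS if m not in available]
    if missing:
        raise MissingMember(f"members not reachable: {sorted(missing)}")
    return {m: available[m] for m in EXPECTED_MEMBERS}


def find_drift(versions: dict[str, str],
               pinned: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (repo, pinned, actual) triples where the published version
    differs from the pin.  Iteration is over sorted keys, so the result does
    not depend on dict construction order or on locale collation."""
    return [(m, pinned.get(m, ""), versions[m])
            for m in sorted(versions)
            if pinned.get(m) != versions[m]]


def render_report(drift: list[tuple[str, str, str]]) -> str:
    """Deterministic JSON for a committed artifact: sorted keys and no
    timestamp, so two runs over the same inputs are byte-identical."""
    rows = [{"repo": r, "pinned": p, "actual": a} for r, p, a in drift]
    return json.dumps({"drift": rows}, sort_keys=True, indent=2)


def exit_code(drift: list[tuple[str, str, str]], advisory: bool) -> int:
    """Gating mode fails closed: non-zero whenever drift was detected.

    Advisory mode always returns 0 and relies on the rendered report for
    signal.  That is legitimate only when the script declares it (as the
    review comment notes ecosystem-drift.py does); an undeclared 0-on-drift
    is the fail-open condition the path_instructions flag."""
    if advisory:
        return 0
    return 1 if drift else 0


if __name__ == "__main__":
    # Constructed sample run: one member has moved past its pin.
    available = {"repo-a": "1.2.0", "repo-b": "2.0.0", "repo-c": "0.9.1"}
    pinned = {"repo-a": "1.2.0", "repo-b": "1.9.0", "repo-c": "0.9.1"}
    drift = find_drift(fetch_versions(available), pinned)
    print(render_report(drift))
    raise SystemExit(exit_code(drift, advisory=False))
```

Run stand-alone it prints the drift report for the constructed sample and exits 1; switch `advisory=True` to see the same report with a 0 exit, which is the behaviour the review comment asks the instruction text to exempt only when the script documents it.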