Skip to content

chore: add Qodo v2 (Qodo Platform) repo-level config#185

Open
k-taro56 wants to merge 5 commits into
mainfrom
eng-849
Open

chore: add Qodo v2 (Qodo Platform) repo-level config#185
k-taro56 wants to merge 5 commits into
mainfrom
eng-849

Conversation

@k-taro56

@k-taro56 k-taro56 commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

What

Adds repo-level configuration for the latest Qodo (v2, the "Qodo Platform" / Qodo Review generation, successor to Qodo Merge / PR-Agent v1), so the hosted Qodo GitHub app reviews PRs against this repo's conventions.

Two root files, both in the current v2 agentic shape:

  • .pr_agent.toml:
    • [github_app] automation: pr_commands = ["/agentic_describe", "/agentic_review"] on PR open, and handle_push_trigger = true with push_commands = ["/agentic_review"] on push. /agentic_review folds in the old /review + /improve + /compliance, so a single command gives review plus code suggestions.
    • [review_agent]: comments_location_policy = "both", inline_comments_severity_threshold = 2, and repo-specific issues_user_guidelines (Studio CSRF invariants, catalog rule, no formatting/import-order noise) + compliance_user_guidelines (bilingual docs, no em dashes, do-not-"fix" review-bot pitfalls).
    • [qodo_describe_agent]: publish_mode = "comment" (does not overwrite a human-authored PR body).
  • best_practices.md: the Arkor coding standard Qodo's compliance agent references. Invariants distilled from CONTRIBUTING.md / AGENTS.md / the actual packages/arkor source.

Config is kept minimal (only deliberate settings, no full-default copy) so future Qodo default changes still flow through.

Version note

.pr_agent.toml at the repo root is the correct file for both v1 and v2, but v2 replaces the legacy /review /describe /improve tools and [pr_reviewer] / [pr_description] sections with the /agentic_* commands and the [review_agent] / [qodo_describe_agent] sections used here. Every section/key was verified against the current v2 docs. For a single repo, best_practices.md's presence at the root is the enable trigger; the org-wide pr-agent-settings repo is not used.

Preconditions to take effect

  1. Merge to main: Qodo reads both files from the default branch root, so nothing applies until this lands.
  2. The Qodo GitHub app must be installed on the repo/org (it is; it is already commenting on this PR).

Review follow-ups addressed

  • Migrated from the initial v1 draft (/describe, /review, /improve, [pr_reviewer], [pr_description]) to the v2 agentic format (Codex).
  • Removed /generate_labels from pr_commands (it is a manual PR-comment command in v2, not an auto entry) and reduced push_commands to /agentic_review per the documented persistent-review trigger (Codex).
  • Fixed code references that did not exist on main: eventStreamPathPattern -> real jobEventsPathPattern; dropped an HMR-primitives section for APIs not implemented on main (Codex).
  • Removed a wrong "CLI runtime strings are exempt" note from the no-em-dash rule: ENG-764 removed that carve-out repo-wide (CodeRabbit).

Verification

  • Every TOML section/key checked against current Qodo v2 docs; code references grep-verified against packages/arkor/src.
  • No em dashes (repo-wide rule has no carve-out); TOML parses.

No code paths change, so no unit/e2e tests apply. No README/docs changes, so no bilingual doc pairing is required.

Summary by CodeRabbit

  • Documentation
    • Added repository guidance covering coding standards, documentation parity, formatting rules, and review expectations.
    • Included security and compliance notes for local authentication, host restrictions, dependency sourcing, and common pitfalls to avoid.
  • Chores
    • Added a repo-level configuration for automated review and description comments on pull requests and pushes.

Add repo-root .pr_agent.toml and best_practices.md to enable Qodo Merge /
Qodo Code Review automation: auto describe/review/improve on PR open and
re-review on push, full review sections with security and effort labels, and
a best-practices file capturing repo-specific invariants (bilingual docs, no
em dashes, Studio CSRF rules, HMR Symbol brands, catalog deps).
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@k-taro56, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 15 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 50a12658-1a47-42f0-b059-50a21fa2a7ef

📥 Commits

Reviewing files that changed from the base of the PR and between c82ce78 and 4b16c98.

📒 Files selected for processing (1)
  • .pr_agent.toml

Walkthrough

This PR adds a repo-level Qodo agent configuration and a new best-practices document covering documentation rules, Studio authentication constraints, dependency guidance, formatting ownership, and review pitfalls.

Changes

Agent Configuration and Documentation

Layer / File(s) Summary
PR agent configuration
.pr_agent.toml
Configures agent command wiring, review output policy, inline severity threshold, repository-specific issue/compliance guidance, and comment publishing for generated descriptions.
Best practices documentation
best_practices.md
Adds repository standards for bilingual docs, generated-copy boundaries, Mintlify anchors, prose formatting, Studio auth and host restrictions, dependency sourcing, lint ownership, and same-PR testing expectations.

Estimated code review effort: 2 (Simple) | ~10 minutes

Related Issues: None specified

Related PRs: None specified

Suggested labels: documentation, configuration

Suggested reviewers: None specified

Poem:
Config hums softly in the tree,
Docs pin down what must not be.
Tokens, anchors, rules in line,
Agents comment, guidance shines.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adding repo-level Qodo v2 configuration.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch eng-849
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch eng-849

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-code-quality

github-code-quality Bot commented Jul 3, 2026

Copy link
Copy Markdown

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/arkor

The overall coverage remains at 99%, unchanged from the branch.

TypeScript / code-coverage/create-arkor

The overall coverage remains at 56%, unchanged from the branch.

TypeScript / code-coverage/cli-internal

The overall coverage remains at 97%, unchanged from the branch.

TypeScript / code-coverage/studio-app

The overall coverage remains at 53%, unchanged from the branch.


Updated July 03, 2026 20:38 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@codecov

codecov Bot commented Jul 3, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

@qodo-code-review

Copy link
Copy Markdown

PR Summary by Qodo

Add repo-level Qodo v2 configuration and best practices

⚙️ Configuration changes 📝 Documentation 🕐 10-20 Minutes

Grey Divider

AI Description

• Add repo-root Qodo v2 config to auto-run describe/review/improve and re-review on push.
• Enable richer review output (security/effort labels, TODO scan) with persistent comments.
• Codify Arkor-specific invariants in best_practices.md for automated “best practices” findings.
Diagram

graph TD
  CFG[".pr_agent.toml"] --> Q(["Qodo GitHub App (v2)"]) --> OUT["PR comments + labels"]
  BP["best_practices.md"] --> Q(["Qodo GitHub App (v2)"]) --> OUT["PR comments + labels"]
  EV(("PR opened / push")) --> Q(["Qodo GitHub App (v2)"]) --> OUT["PR comments + labels"]
  subgraph Legend
    direction LR
    _evt(("Event")) ~~~ _svc(["Service")) ~~~ _file["File"]
  end
Loading
High-Level Assessment

The following are alternative approaches to this PR:

1. Rely on Qodo defaults (no repo overrides)
  • ➕ Lowest maintenance; fewer pinned keys to revisit
  • ➕ Less risk of diverging from upstream behavior
  • ➖ No guarantee future default flips keep desired review coverage
  • ➖ Harder to encode repo-specific invariants (CSRF/HMR/bilingual docs/catalog rules)
2. Copy the full upstream default configuration into .pr_agent.toml
  • ➕ Fully deterministic behavior regardless of upstream default changes
  • ➕ Easier to audit in one place without referencing upstream defaults
  • ➖ High maintenance burden as upstream adds/renames options
  • ➖ More noise in diffs; harder to see intentional divergences
3. Centralize settings in an org-wide pr-agent-settings repo
  • ➕ Single place to manage policy across multiple repositories
  • ➕ Easier standardization at org scale
  • ➖ Overkill for a single repo and adds cross-repo coupling
  • ➖ Repo-specific invariants still need local encoding/overrides

Recommendation: Keep the current “minimal but intentionally pinned” repo-level config: it balances maintainability (few overrides) with safety (pin key review sections and automation triggers) while allowing a best_practices.md tailored to Arkor’s security/HMR/docs/catalog invariants. Consider org-wide centralization only if multiple repos adopt Qodo with shared policy.

Files changed (2) +166 / -0

Documentation (1) +84 / -0
best_practices.mdDocument Arkor invariants for Qodo “Organization best practices” findings +84/-0

Document Arkor invariants for Qodo “Organization best practices” findings

• Introduces a best-practices checklist for automated review: bilingual doc pairing rules, writing constraints (no em dashes with a narrow exception), known review-bot pitfalls, Studio CSRF/host-header/security requirements, HMR privacy guarantees, dependency/catalog and supply-chain guards, formatting/linting boundaries, and test expectations for logic changes.

best_practices.md

Other (1) +82 / -0
.pr_agent.tomlConfigure Qodo v2 automation, review depth, and suggestion/description output +82/-0

Configure Qodo v2 automation, review depth, and suggestion/description output

• Adds repo-root Qodo v2 settings to auto-run /describe, /review, and /improve on PR open and re-run describe/review on push. Enables persistent review comments, full optional review sections (score/tests/effort/splittability/security/TODO scan), and security/effort labels, plus guidance to avoid formatting/import-order noise and to prioritize Arkor-specific invariants.

.pr_agent.toml

@qodo-code-review

qodo-code-review Bot commented Jul 3, 2026

Copy link
Copy Markdown

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📜 Skill insights (0)

Context used
✅ Compliance rules (platform): 30 rules

Grey Divider


Remediation recommended

1. Push skips /improve ✓ Resolved 🐞 Bug ≡ Correctness
Description
In .pr_agent.toml, the comment says pushes should generate “fresh suggestions”, but push_commands
only runs /describe and /review, so /improve (code suggestions) will not rerun on pushes and the
persistent suggestions comment can become stale.
Code

.pr_agent.toml[R14-25]

+# Full pipeline on every new PR, and a re-review + fresh suggestions on each push.
+[github_app]
+pr_commands = [
+  "/describe",
+  "/review",
+  "/improve",
+]
+handle_push_trigger = true
+push_commands = [
+  "/describe",
+  "/review",
+]
Relevance

⭐⭐⭐ High

Team often accepts fixes aligning config/comments with actual behavior to prevent stale/misleading
automation.

PR-#170
PR-#155
PR-#122

ⓘ Recommendations generated based on similar findings in past PRs

Evidence
The config explicitly states pushes should produce fresh suggestions, but /improve is only present
in pr_commands (PR open), not push_commands (push). Since code suggestions are configured as a
persistent comment, they can become stale when /improve isn’t rerun on pushes.

.pr_agent.toml[14-25]
.pr_agent.toml[60-73]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`.pr_agent.toml` claims that each push should trigger “fresh suggestions”, but the configured `push_commands` does not include `/improve`. This creates a mismatch between intended and actual automation, and can leave the code-suggestions persistent comment outdated relative to the latest commits.

### Issue Context
- `pr_commands` includes `/improve` for PR open.
- `handle_push_trigger = true` enables push-triggered commands.
- `push_commands` currently omits `/improve`.
- `pr_code_suggestions.persistent_comment = true` means suggestions are maintained as a single evolving comment, which can lag if not rerun.

### Fix Focus Areas
- .pr_agent.toml[14-25]

### Recommended fix
Do one of the following:
1. **If you truly want fresh suggestions on each push**: add `"/improve"` to `push_commands`.
2. **If you only want suggestions on PR open**: update the comment to remove/clarify the “fresh suggestions on each push” claim so it matches behavior.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


Grey Divider

Qodo Logo

Comment thread .pr_agent.toml Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1ee5f50163

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .pr_agent.toml Outdated
Comment on lines +17 to +19
"/describe",
"/review",
"/improve",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use Qodo v2 agentic commands

For this file's stated Qodo v2 target, these auto-run entries are still the legacy v1 tool names. Qodo's v2 migration/reference docs say the new commands are prefixed with /agentic and that /agentic_describe//agentic_review replace /describe, /review, and /improve (https://docs.qodo.ai/install-and-configure/migrating-to-qodo-v2). On a new v2 installation, PR open events will not start the intended review/description flow; switch the GitHub pr_commands and the matching push_commands below to the v2 commands.

Useful? React with 👍 / 👎.

Comment thread .pr_agent.toml Outdated
enable_review_labels_security = true
enable_review_labels_effort = true
num_max_findings = 6
extra_instructions = """

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Attach guidance to Qodo v2 review agents

This repository-specific guidance is placed under the legacy [pr_reviewer] extra_instructions, which only applies to the old /review tool. In Qodo v2, the docs configure review guidance under [review_agent] as issues_user_guidelines and compliance_user_guidelines (https://docs.qodo.ai/code-review/extra-instructions), so once the config uses /agentic_review, these CSRF/HMR/catalog rules will be ignored by the review agents instead of shaping the hosted reviews.

Useful? React with 👍 / 👎.

Comment thread best_practices.md Outdated
Comment on lines +43 to +44
- `eventStreamPathPattern` may only list GET stream-only routes. Never add a
mutation endpoint to it.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use the real Studio event-stream guard name

The Studio server's query-token whitelist is jobEventsPathPattern in packages/arkor/src/studio/server.ts, and a repo-wide rg eventStreamPathPattern only finds these new guidance files. Because this rule names a guard that does not exist, Qodo is less likely to anchor reviews on the actual route gate when a PR changes the /api/jobs/:id/events exception; rename this to the real jobEventsPathPattern so the security invariant points at the code reviewers need to inspect.

Useful? React with 👍 / 👎.

Comment thread best_practices.md Outdated
Comment on lines +51 to +53
- `requestEarlyStop()` and `replaceCallbacks()` are dev-only HMR primitives kept
behind `Symbol.for("arkor.trainer.*")` brands. Do not surface them on the
public `Trainer` interface.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Remove stale HMR-only rules

These HMR primitives are not present in the current repo: a repo-wide search for requestEarlyStop, replaceCallbacks, configHash, and SIGUSR2 only matches these new Qodo guidance files. Importing this into Qodo Review Standards would create rules for a non-existent Trainer hot-swap API, which can produce noisy or misleading findings on ordinary Trainer/Studio changes; remove this section or replace it with invariants that exist in the codebase.

Useful? React with 👍 / 👎.

Comment thread .pr_agent.toml Outdated
"""

# --- Description tool --------------------------------------------------------
[pr_description]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Move PR description options to v2 config

This block is the legacy /describe tool configuration, but the file is intended for Qodo v2. In the v2 reference, PR summary configuration is under [qodo_describe_agent] (for example publish_mode), and label generation is handled by the v2 label-generation feature rather than these [pr_description] keys (https://docs.qodo.ai/install-and-configure/configuration-overview/configuration-and-command-reference). After fixing the commands to /agentic_describe, the title/label/type/diagram settings here will not shape the generated PR summary as the comments claim.

Useful? React with 👍 / 👎.

Address PR review:
- Migrate to the current Qodo v2 (Qodo Review / Qodo Platform) format: use
  /agentic_describe + /agentic_review (which fold in /improve and /compliance)
  and /generate_labels in [github_app], move review guidance to [review_agent]
  (issues_user_guidelines / compliance_user_guidelines) and description to
  [qodo_describe_agent]. Verified every section/key against the current v2 docs.
  This also resolves the 'push skips /improve' finding, since /agentic_review
  includes code suggestions.
- Fix code references that do not exist on main (they were future-branch state):
  eventStreamPathPattern -> real jobEventsPathPattern; drop the HMR-primitives
  section (requestEarlyStop/replaceCallbacks/configHash/SIGUSR2/trainRegistry
  are not implemented on main).

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds two repo-root configuration files so the hosted Qodo (v2 / "Qodo Platform") GitHub app reviews PRs against this repository's conventions. .pr_agent.toml tunes which agentic commands run on PR open/push and configures the review and describe agents, while best_practices.md distills the repo's invariants (bilingual docs, Studio CSRF token, dependency catalog, formatting boundaries, testing) for Qodo's compliance/best-practices findings. No code paths change.

Changes:

  • Add .pr_agent.toml configuring [github_app] command triggers plus [review_agent] and [qodo_describe_agent] behavior, with Arkor-specific issue/compliance guidelines.
  • Add best_practices.md capturing repo conventions and a "do not fix these" section for known review-bot pitfalls.
  • The config's Studio-security references (jobEventsPathPattern, X-Arkor-Studio-Token, timingSafeEqual, loopback allow-list, no CORS) were verified accurate against packages/arkor/src/studio/server.ts.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
.pr_agent.toml Qodo v2 automation config: agentic command triggers, review agent (comment policy, severity threshold, issue/compliance guidelines), describe agent publish mode.
best_practices.md Repo invariants for Qodo best-practice findings: bilingual docs, writing style, review pitfalls, Studio security, dependencies/supply-chain, formatting boundaries, testing.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .pr_agent.toml Outdated
Comment on lines +16 to +25
pr_commands = [
"/agentic_describe",
"/agentic_review",
"/generate_labels",
]
handle_push_trigger = true
push_commands = [
"/agentic_describe",
"/agentic_review",
]

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.pr_agent.toml:
- Around line 52-60: Update the compliance guidance in .pr_agent.toml so it
matches AGENTS.md and best_practices.md: remove the CLI runtime user-facing
strings exception from compliance_user_guidelines and keep the no-em-dash rule
unconditional. Make the wording consistent with the linked
issues_user_guidelines/best_practices.md references so the compliance agent does
not treat CLI runtime messages as exempt.

In `@best_practices.md`:
- Around line 21-24: The writing style guidance in best_practices.md incorrectly
says CLI runtime strings are exempt from the no-em-dash rule, which conflicts
with the repo’s actual style policy. Update that bullet to state that no em
dashes are allowed anywhere, including CLI runtime messages, and keep the rule
wording consistent with the Style conventions used by the docs so Qodo does not
infer an exception where none exists.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: c0c6a2db-749c-4adc-a3b8-f6a680c5f792

📥 Commits

Reviewing files that changed from the base of the PR and between 561eae1 and e5ce1ec.

📒 Files selected for processing (2)
  • .pr_agent.toml
  • best_practices.md
📜 Review details
⏰ Context from checks skipped due to timeout. (170)
  • GitHub Check: install · pnpm-9 · windows-latest · node 24.0.0
  • GitHub Check: install · pnpm-9 · ubuntu-latest · node >=22.22.0 <23
  • GitHub Check: install · pnpm-10 · macos-latest · node >=24.12.0 <25
  • GitHub Check: install · pnpm-10 · macos-latest · node 24.12.0
  • GitHub Check: install · yarn · macos-latest · node 24.0.0
  • GitHub Check: install · pnpm-9 · macos-latest · node >=24.12.0 <25
  • GitHub Check: install · yarn-berry · macos-latest · node 24.12.0
  • GitHub Check: install · pnpm-9 · macos-latest · node 24.0.0
  • GitHub Check: install · yarn-berry · macos-latest · node 24.0.0
  • GitHub Check: install · pnpm-11 · macos-latest · node 24.0.0
  • GitHub Check: install · pnpm-11 · macos-latest · node 24.12.0
  • GitHub Check: install · yarn · macos-latest · node >=22.22.0 <23
  • GitHub Check: install · yarn · macos-latest · node 24.12.0
  • GitHub Check: install · npm · macos-latest · node 24.0.0
  • GitHub Check: install · yarn-berry · macos-latest · node 22.22.0
  • GitHub Check: install · bun · macos-latest · node 24.0.0
  • GitHub Check: install · pnpm-9 · macos-latest · node 24.12.0
  • GitHub Check: install · pnpm-9 · macos-latest · node 22.22.0
  • GitHub Check: install · pnpm-10 · macos-latest · node >=22.22.0 <23
  • GitHub Check: install · bun · macos-latest · node >=22.22.0 <23
  • GitHub Check: install · pnpm-11 · macos-latest · node >=22.22.0 <23
  • GitHub Check: install · bun · macos-latest · node 22.22.0
  • GitHub Check: install · yarn-berry · macos-latest · node >=22.22.0 <23
  • GitHub Check: install · pnpm-9 · macos-latest · node >=22.22.0 <23
  • GitHub Check: install · pnpm-11 · macos-latest · node 22.22.0
  • GitHub Check: install · bun · windows-latest · node 26.0.0
  • GitHub Check: install · yarn-berry · windows-latest · node >=26.0.0 <27
  • GitHub Check: install · bun · windows-latest · node >=26.0.0 <27
  • GitHub Check: install · pnpm-10 · windows-latest · node >=26.0.0 <27
  • GitHub Check: install · yarn · macos-latest · node 22.22.0
  • GitHub Check: install · yarn · windows-latest · node >=24.12.0 <25
  • GitHub Check: install · npm · windows-latest · node >=26.0.0 <27
  • GitHub Check: install · yarn-berry · windows-latest · node 26.0.0
  • GitHub Check: install · npm · windows-latest · node >=24.12.0 <25
  • GitHub Check: install · yarn · windows-latest · node 26.0.0
  • GitHub Check: install · npm · windows-latest · node 26.0.0
  • GitHub Check: install · pnpm-9 · windows-latest · node 24.12.0
  • GitHub Check: install · pnpm-10 · windows-latest · node 26.0.0
  • GitHub Check: install · pnpm-11 · windows-latest · node >=24.12.0 <25
  • GitHub Check: install · yarn-berry · windows-latest · node 24.0.0
  • GitHub Check: install · pnpm-10 · windows-latest · node >=24.12.0 <25
  • GitHub Check: install · pnpm-11 · windows-latest · node 24.12.0
  • GitHub Check: install · pnpm-9 · windows-latest · node >=26.0.0 <27
  • GitHub Check: install · pnpm-9 · windows-latest · node >=24.12.0 <25
  • GitHub Check: install · npm · windows-latest · node 24.12.0
  • GitHub Check: install · bun · windows-latest · node 24.0.0
  • GitHub Check: install · pnpm-10 · windows-latest · node 24.0.0
  • GitHub Check: install · bun · windows-latest · node 22.22.0
  • GitHub Check: install · npm · windows-latest · node 22.22.0
  • GitHub Check: install · pnpm-10 · windows-latest · node 22.22.0
  • GitHub Check: install · pnpm-9 · windows-latest · node >=22.22.0 <23
  • GitHub Check: install · pnpm-10 · windows-latest · node >=22.22.0 <23
  • GitHub Check: install · yarn · windows-latest · node 22.22.0
  • GitHub Check: install · pnpm-11 · windows-latest · node >=22.22.0 <23
  • GitHub Check: install · yarn-berry · windows-latest · node >=22.22.0 <23
  • GitHub Check: install · bun · windows-latest · node >=22.22.0 <23
  • GitHub Check: install · npm · windows-latest · node >=22.22.0 <23
  • GitHub Check: install · yarn · windows-latest · node >=22.22.0 <23
  • GitHub Check: install · npm · ubuntu-latest · node >=26.0.0 <27
  • GitHub Check: install · pnpm-11 · windows-latest · node 22.22.0
  • GitHub Check: install · yarn-berry · windows-latest · node 22.22.0
  • GitHub Check: install · yarn · ubuntu-latest · node 26.0.0
  • GitHub Check: install · yarn-berry · ubuntu-latest · node >=26.0.0 <27
  • GitHub Check: install · pnpm-9 · windows-latest · node 24.0.0
  • GitHub Check: install · pnpm-9 · windows-latest · node 22.22.0
  • GitHub Check: install · yarn-berry · ubuntu-latest · node 26.0.0
  • GitHub Check: install · pnpm-11 · ubuntu-latest · node >=26.0.0 <27
  • GitHub Check: install · npm · ubuntu-latest · node 26.0.0
  • GitHub Check: install · yarn · ubuntu-latest · node >=26.0.0 <27
  • GitHub Check: install · pnpm-10 · ubuntu-latest · node >=26.0.0 <27
  • GitHub Check: install · bun · ubuntu-latest · node >=26.0.0 <27
  • GitHub Check: install · pnpm-9 · ubuntu-latest · node >=26.0.0 <27
  • GitHub Check: install · pnpm-10 · ubuntu-latest · node 26.0.0
  • GitHub Check: install · bun · ubuntu-latest · node 26.0.0
  • GitHub Check: install · bun · ubuntu-latest · node >=24.12.0 <25
  • GitHub Check: install · pnpm-11 · ubuntu-latest · node 26.0.0
  • GitHub Check: install · pnpm-9 · ubuntu-latest · node >=24.12.0 <25
  • GitHub Check: install · yarn-berry · ubuntu-latest · node 24.12.0
  • GitHub Check: install · bun · ubuntu-latest · node 24.0.0
  • GitHub Check: install · bun · ubuntu-latest · node >=22.22.0 <23
  • GitHub Check: install · pnpm-9 · ubuntu-latest · node 26.0.0
  • GitHub Check: install · pnpm-9 · ubuntu-latest · node 24.0.0
  • GitHub Check: install · npm · ubuntu-latest · node >=24.12.0 <25
  • GitHub Check: install · pnpm-10 · ubuntu-latest · node >=22.22.0 <23
  • GitHub Check: install · yarn · ubuntu-latest · node 24.12.0
  • GitHub Check: install · yarn-berry · ubuntu-latest · node >=22.22.0 <23
  • GitHub Check: install · pnpm-9 · ubuntu-latest · node 24.12.0
  • GitHub Check: install · bun · ubuntu-latest · node 24.12.0
  • GitHub Check: install · yarn · ubuntu-latest · node >=24.12.0 <25
  • GitHub Check: install · yarn · ubuntu-latest · node >=22.22.0 <23
  • GitHub Check: install · yarn-berry · ubuntu-latest · node 24.0.0
  • GitHub Check: install · pnpm-10 · ubuntu-latest · node 24.12.0
  • GitHub Check: install · npm · ubuntu-latest · node 24.12.0
  • GitHub Check: install · yarn · ubuntu-latest · node 24.0.0
  • GitHub Check: install · yarn-berry · ubuntu-latest · node >=24.12.0 <25
  • GitHub Check: install · npm · ubuntu-latest · node 24.0.0
  • GitHub Check: install · pnpm-11 · ubuntu-latest · node >=24.12.0 <25
  • GitHub Check: install · pnpm-10 · ubuntu-latest · node >=24.12.0 <25
  • GitHub Check: install · pnpm-9 · ubuntu-latest · node 22.22.0
  • GitHub Check: install · npm · ubuntu-latest · node 22.22.0
  • GitHub Check: install · pnpm-9 · ubuntu-latest · node >=22.22.0 <23
  • GitHub Check: install · pnpm-11 · ubuntu-latest · node 24.0.0
  • GitHub Check: install · pnpm-11 · ubuntu-latest · node 24.12.0
  • GitHub Check: install · pnpm-11 · ubuntu-latest · node >=22.22.0 <23
  • GitHub Check: install · bun · ubuntu-latest · node 22.22.0
  • GitHub Check: install · npm · ubuntu-latest · node >=22.22.0 <23
  • GitHub Check: install · pnpm-10 · ubuntu-latest · node 24.0.0
  • GitHub Check: install · pnpm-10 · ubuntu-latest · node 22.22.0
  • GitHub Check: install · pnpm-11 · ubuntu-latest · node 22.22.0
  • GitHub Check: install · yarn-berry · ubuntu-latest · node 22.22.0
  • GitHub Check: install · yarn · ubuntu-latest · node 22.22.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node 24.12.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node 26.0.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.8.0 <24.10.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=26.0.0 <27
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.12.0 <25
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.5.0 <24.8.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=26.0.0 <27
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.8.0 <24.10.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.10.0 <24.12.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.5.0 <24.8.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.3.0 <24.5.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node 22.22.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node 24.12.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.0.0 <24.1.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node 22.22.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.12.0 <25
  • GitHub Check: typecheck · lint · test · build · windows-latest · node 26.0.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.10.0 <24.12.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.3.0 <24.5.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.1.0 <24.3.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.1.0 <24.3.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=22.22.0 <23
  • GitHub Check: typecheck · lint · test · build · ubuntu-latest · node 24.12.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=22.22.0 <23
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.0.0 <24.1.0
  • GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=24.5.0 <24.8.0
  • GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=24.3.0 <24.5.0
  • GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=24.12.0 <25
  • GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=24.10.0 <24.12.0
  • GitHub Check: coverage · upload to Codecov
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.3.0 <24.5.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node 24.12.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.0.0 <24.1.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.10.0 <24.12.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node 26.0.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.8.0 <24.10.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=26.0.0 <27
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.1.0 <24.3.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.5.0 <24.8.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.0.0 <24.1.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.12.0 <25
  • GitHub Check: typecheck · lint · test · build · windows-latest · node 22.22.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node 24.12.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.5.0 <24.8.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=22.22.0 <23
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.12.0 <25
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.3.0 <24.5.0
  • GitHub Check: typecheck · lint · test · build · macos-latest · node 22.22.0
  • GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=26.0.0 <27
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.1.0 <24.3.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.8.0 <24.10.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node 26.0.0
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=26.0.0 <27
  • GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.10.0 <24.12.0
  • GitHub Check: typecheck · lint · test · build · ubuntu-latest · node 22.22.0
  • GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=24.0.0 <24.1.0
  • GitHub Check: coverage · upload to Codecov
🧰 Additional context used
📓 Path-based instructions (3)
**/*.{yml,yaml,json,html,md}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Do not use the em dash (U+2014) in YAML, Markdown, JSON, or HTML files; the repo-wide scripts/check-no-em-dash.mts guard checks tracked files for this character and its HTML entity.

Files:

  • best_practices.md
**/*.{json,html,md,yaml,yml}

📄 CodeRabbit inference engine (CONTRIBUTING.ja.md)

Avoid using the em dash character (U+2014) in Markdown, JSON, HTML, and YAML files as well; the repository-wide check also blocks the HTML entity form.

Files:

  • best_practices.md
**

⚙️ CodeRabbit configuration file

**: # Arkor Development Guide

Note: Claude Code automatically loads this file.

Repository shape

pnpm + Turbo monorepo. Workspaces are declared in pnpm-workspace.yaml (packages/*, e2e/*, examples/*, docs).

Path Role
packages/arkor Published arkor SDK + CLI + bundled local Studio server (Hono). bin/arkordist/bin.mjs. Library entry → dist/index.mjs.
packages/create-arkor Published create-arkor scaffolder (pnpm create arkor).
packages/cli-internal Private workspace package. Source is bundled into arkor and create-arkor via tsdown's deps.alwaysBundle. Never appears as a runtime dependency on npm.
packages/studio-app Private Vite + React 19 SPA. pnpm --filter @arkor/studio-app bundle builds it; packages/arkor/scripts/copy-studio-assets.mjs copies dist/ into packages/arkor/dist/assets/.
e2e/cli Private vitest suite that spawns the built dist/bin.mjs of both CLIs in temp dirs.
e2e/studio Private Playwright suite that spawns arkor dev against an in-process fake cloud-api and drives the Studio SPA in Chromium.
examples/doc-drift Private use-case example: documentation drift check against an Arkor deployment (zero-dependency script + copy-me workflow).
docs Mintlify sources for docs.arkor.ai.

Common commands

Root scripts fan out via Turbo (which respects ^build deps in turbo.json):

pnpm install
pnpm build          # turbo run build across all packages
pnpm typecheck      # tsc --noEmit across all packages
pnpm lint           # oxlint --deny-warnings, then strict ESLint 10 (single root config each)
pnpm format         # oxfmt --write across the repo (config in oxfmt.config.ts)
pnpm format:check   # oxfmt --check; CI gates on this (no wri...

Files:

  • best_practices.md
🪛 LanguageTool
best_practices.md

[grammar] ~63-~63: Ensure spelling is correct
Context: ...leaseAge, trustPolicy: no-downgrade, blockExoticSubdeps, allowBuilds`). Do not loosen them without justificatio...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🔇 Additional comments (10)
best_practices.md (6)

62-64: Static analysis spelling hint is a false positive.

LanguageTool flags "spelling" near this line, but it's clearly triggered by the adjacent backtick-quoted identifiers (blockExoticSubdeps, allowBuilds) rather than an actual typo in prose; "justification" is spelled correctly.


10-20: LGTM!


26-38: LGTM!


52-71: LGTM!


73-77: LGTM!


39-51: 🎯 Functional Correctness

No action needed: packages/arkor/src/studio/server.ts and jobEventsPathPattern are present.

			> Likely an incorrect or invalid review comment.
.pr_agent.toml (4)

1-9: LGTM!


15-25: LGTM!


27-49: 🎯 Functional Correctness

review_agent structure and inline_comments_severity_threshold semantics check out.

Verified against current Qodo v2 docs: [review_agent] with comments_location_policy, inline_comments_severity_threshold (1-3 scale, 3=default/action_required, 2=remediation_recommended, 1=informational), issues_user_guidelines, and compliance_user_guidelines are all real v2 keys, and lowering the threshold to 2 does what the comment says (surfaces "remediation_recommended" and above inline).

This matches documented Qodo v2 behavior, but since it governs a third-party GitHub App's actual runtime behavior, worth a final sanity check once the app is installed and a live PR is opened.


62-66: 📐 Maintainability & Code Quality

Verify [qodo_describe_agent] / publish_mode are real v2 config keys.

Every Qodo v2 doc page and real-world .pr_agent.toml example I could find (including qodo-ai/pr-agent's own dogfooding config) only shows [review_agent] as the agent-scoped table (with enabled/publish_output); none show a distinct [qodo_describe_agent] table or a publish_mode key with "comment"/"pr_description"/"dynamic" values. This may be a newer/undocumented v2 addition, but as written it's unconfirmed and risks being silently ignored by the app if the section/key name is wrong.
[dependency_check]

  • Flagging: Qodo v2 .pr_agent.toml schema — [qodo_describe_agent] table and publish_mode key.
  • Action: verify with Qodo's current v2 configuration-and-command-reference docs before relying on this to control describe-output placement.

Comment thread .pr_agent.toml
Comment thread best_practices.md Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e5ce1ec1e3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .pr_agent.toml Outdated
pr_commands = [
"/agentic_describe",
"/agentic_review",
"/generate_labels",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Remove unsupported auto label command

On Qodo v2 GitHub App installs, this auto-run list is meant to contain the supported review workflow commands: the current Qodo v2 configuration reference lists [github_app].pr_commands values as /agentic_describe and /agentic_review, while the Generate PR labels page documents /generate_labels as a manual PR comment command (https://docs.qodo.ai/install-and-configure/configuration-overview/configuration-and-command-reference and https://docs.qodo.ai/code-review/generate-pr-labels). Keeping /generate_labels here means the intended automatic label generation on PR open is not covered by the documented v2 automation path and risks the command being ignored or rejected; keep pr_commands to the supported auto commands and configure labels through the documented label feature/manual command instead.

Useful? React with 👍 / 👎.

Comment thread .pr_agent.toml Outdated
]
handle_push_trigger = true
push_commands = [
"/agentic_describe",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep push triggers to review commands

When new commits are pushed, Qodo v2 documents [github_app].push_commands as accepting /agentic_review only, and the persistent-review setup example uses just that command (https://docs.qodo.ai/install-and-configure/configuration-overview/configuration-and-command-reference and https://docs.qodo.ai/code-review/persistent-review-comments). Including /agentic_describe here means the desired PR-summary refresh on push is outside the documented automation path and may be ignored or fail, so the push trigger should use the supported review command rather than relying on describe to run automatically.

Useful? React with 👍 / 👎.

- Remove the stale 'CLI runtime strings are exempt' note from the no-em-dash
  rule in both files: ENG-764 removed that carve-out repo-wide (CONTRIBUTING.md
  + local/no-em-dash + scripts/check-no-em-dash.mts all say no carve-out).
- Drop /generate_labels from [github_app].pr_commands (it is a manual PR-comment
  command in v2, not an auto entry) and reduce push_commands to /agentic_review,
  the documented persistent-review trigger.
@drift-check

drift-check Bot commented Jul 3, 2026

Copy link
Copy Markdown

Code Review Bot

No comment/code divergences or documentation drift detected. Reviewed 2 file(s); skipped 0.

CI's format:check step (oxfmt --check) flagged .pr_agent.toml: oxfmt formats
TOML too, and it collapses the pr_commands/push_commands arrays onto one line
since they fit in printWidth 80. oxfmt owns formatting, so take its output. The
triple-quoted [review_agent] guideline strings are unaffected and the TOML
still parses.
@k-taro56

k-taro56 commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

@codex

@k-taro56

k-taro56 commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

@sentry review

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. 🎉

Reviewed commit: 4b16c9891f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants