Conversation
Add repo-root .pr_agent.toml and best_practices.md to enable Qodo Merge / Qodo Code Review automation: auto describe/review/improve on PR open and re-review on push, full review sections with security and effort labels, and a best-practices file capturing repo-specific invariants (bilingual docs, no em dashes, Studio CSRF rules, HMR Symbol brands, catalog deps).
|
Warning Review limit reached
Next review available in: 15 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
WalkthroughThis PR adds a repo-level Qodo agent configuration and a new best-practices document covering documentation rules, Studio authentication constraints, dependency guidance, formatting ownership, and review pitfalls. ChangesAgent Configuration and Documentation
Estimated code review effort: 2 (Simple) | ~10 minutes Related Issues: None specified Related PRs: None specified Suggested labels: documentation, configuration Suggested reviewers: None specified Poem: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Code Coverage OverviewLanguages: TypeScript TypeScript / code-coverage/arkorThe overall coverage remains at 99%, unchanged from the branch. TypeScript / code-coverage/create-arkorThe overall coverage remains at 56%, unchanged from the branch. TypeScript / code-coverage/cli-internalThe overall coverage remains at 97%, unchanged from the branch. TypeScript / code-coverage/studio-appThe overall coverage remains at 53%, unchanged from the branch. Updated |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
PR Summary by QodoAdd repo-level Qodo v2 configuration and best practices
AI Description
Diagram
High-Level Assessment
Files changed (2)
|
Code Review by Qodo
Context used✅ Compliance rules (platform):
30 rules 1.
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1ee5f50163
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "/describe", | ||
| "/review", | ||
| "/improve", |
There was a problem hiding this comment.
For this file's stated Qodo v2 target, these auto-run entries are still the legacy v1 tool names. Qodo's v2 migration/reference docs say the new commands are prefixed with /agentic and that /agentic_describe//agentic_review replace /describe, /review, and /improve (https://docs.qodo.ai/install-and-configure/migrating-to-qodo-v2). On a new v2 installation, PR open events will not start the intended review/description flow; switch the GitHub pr_commands and the matching push_commands below to the v2 commands.
Useful? React with 👍 / 👎.
| enable_review_labels_security = true | ||
| enable_review_labels_effort = true | ||
| num_max_findings = 6 | ||
| extra_instructions = """ |
There was a problem hiding this comment.
Attach guidance to Qodo v2 review agents
This repository-specific guidance is placed under the legacy [pr_reviewer] extra_instructions, which only applies to the old /review tool. In Qodo v2, the docs configure review guidance under [review_agent] as issues_user_guidelines and compliance_user_guidelines (https://docs.qodo.ai/code-review/extra-instructions), so once the config uses /agentic_review, these CSRF/HMR/catalog rules will be ignored by the review agents instead of shaping the hosted reviews.
Useful? React with 👍 / 👎.
| - `eventStreamPathPattern` may only list GET stream-only routes. Never add a | ||
| mutation endpoint to it. |
There was a problem hiding this comment.
Use the real Studio event-stream guard name
The Studio server's query-token whitelist is jobEventsPathPattern in packages/arkor/src/studio/server.ts, and a repo-wide rg eventStreamPathPattern only finds these new guidance files. Because this rule names a guard that does not exist, Qodo is less likely to anchor reviews on the actual route gate when a PR changes the /api/jobs/:id/events exception; rename this to the real jobEventsPathPattern so the security invariant points at the code reviewers need to inspect.
Useful? React with 👍 / 👎.
| - `requestEarlyStop()` and `replaceCallbacks()` are dev-only HMR primitives kept | ||
| behind `Symbol.for("arkor.trainer.*")` brands. Do not surface them on the | ||
| public `Trainer` interface. |
There was a problem hiding this comment.
These HMR primitives are not present in the current repo: a repo-wide search for requestEarlyStop, replaceCallbacks, configHash, and SIGUSR2 only matches these new Qodo guidance files. Importing this into Qodo Review Standards would create rules for a non-existent Trainer hot-swap API, which can produce noisy or misleading findings on ordinary Trainer/Studio changes; remove this section or replace it with invariants that exist in the codebase.
Useful? React with 👍 / 👎.
| """ | ||
|
|
||
| # --- Description tool -------------------------------------------------------- | ||
| [pr_description] |
There was a problem hiding this comment.
Move PR description options to v2 config
This block is the legacy /describe tool configuration, but the file is intended for Qodo v2. In the v2 reference, PR summary configuration is under [qodo_describe_agent] (for example publish_mode), and label generation is handled by the v2 label-generation feature rather than these [pr_description] keys (https://docs.qodo.ai/install-and-configure/configuration-overview/configuration-and-command-reference). After fixing the commands to /agentic_describe, the title/label/type/diagram settings here will not shape the generated PR summary as the comments claim.
Useful? React with 👍 / 👎.
Address PR review: - Migrate to the current Qodo v2 (Qodo Review / Qodo Platform) format: use /agentic_describe + /agentic_review (which fold in /improve and /compliance) and /generate_labels in [github_app], move review guidance to [review_agent] (issues_user_guidelines / compliance_user_guidelines) and description to [qodo_describe_agent]. Verified every section/key against the current v2 docs. This also resolves the 'push skips /improve' finding, since /agentic_review includes code suggestions. - Fix code references that do not exist on main (they were future-branch state): eventStreamPathPattern -> real jobEventsPathPattern; drop the HMR-primitives section (requestEarlyStop/replaceCallbacks/configHash/SIGUSR2/trainRegistry are not implemented on main).
There was a problem hiding this comment.
Pull request overview
This PR adds two repo-root configuration files so the hosted Qodo (v2 / "Qodo Platform") GitHub app reviews PRs against this repository's conventions. .pr_agent.toml tunes which agentic commands run on PR open/push and configures the review and describe agents, while best_practices.md distills the repo's invariants (bilingual docs, Studio CSRF token, dependency catalog, formatting boundaries, testing) for Qodo's compliance/best-practices findings. No code paths change.
Changes:
- Add
.pr_agent.tomlconfiguring[github_app]command triggers plus[review_agent]and[qodo_describe_agent]behavior, with Arkor-specific issue/compliance guidelines. - Add
best_practices.mdcapturing repo conventions and a "do not fix these" section for known review-bot pitfalls. - The config's Studio-security references (
jobEventsPathPattern,X-Arkor-Studio-Token,timingSafeEqual, loopback allow-list, no CORS) were verified accurate againstpackages/arkor/src/studio/server.ts.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
.pr_agent.toml |
Qodo v2 automation config: agentic command triggers, review agent (comment policy, severity threshold, issue/compliance guidelines), describe agent publish mode. |
best_practices.md |
Repo invariants for Qodo best-practice findings: bilingual docs, writing style, review pitfalls, Studio security, dependencies/supply-chain, formatting boundaries, testing. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| pr_commands = [ | ||
| "/agentic_describe", | ||
| "/agentic_review", | ||
| "/generate_labels", | ||
| ] | ||
| handle_push_trigger = true | ||
| push_commands = [ | ||
| "/agentic_describe", | ||
| "/agentic_review", | ||
| ] |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.pr_agent.toml:
- Around line 52-60: Update the compliance guidance in .pr_agent.toml so it
matches AGENTS.md and best_practices.md: remove the CLI runtime user-facing
strings exception from compliance_user_guidelines and keep the no-em-dash rule
unconditional. Make the wording consistent with the linked
issues_user_guidelines/best_practices.md references so the compliance agent does
not treat CLI runtime messages as exempt.
In `@best_practices.md`:
- Around line 21-24: The writing style guidance in best_practices.md incorrectly
says CLI runtime strings are exempt from the no-em-dash rule, which conflicts
with the repo’s actual style policy. Update that bullet to state that no em
dashes are allowed anywhere, including CLI runtime messages, and keep the rule
wording consistent with the Style conventions used by the docs so Qodo does not
infer an exception where none exists.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: c0c6a2db-749c-4adc-a3b8-f6a680c5f792
📒 Files selected for processing (2)
.pr_agent.tomlbest_practices.md
📜 Review details
⏰ Context from checks skipped due to timeout. (170)
- GitHub Check: install · pnpm-9 · windows-latest · node 24.0.0
- GitHub Check: install · pnpm-9 · ubuntu-latest · node >=22.22.0 <23
- GitHub Check: install · pnpm-10 · macos-latest · node >=24.12.0 <25
- GitHub Check: install · pnpm-10 · macos-latest · node 24.12.0
- GitHub Check: install · yarn · macos-latest · node 24.0.0
- GitHub Check: install · pnpm-9 · macos-latest · node >=24.12.0 <25
- GitHub Check: install · yarn-berry · macos-latest · node 24.12.0
- GitHub Check: install · pnpm-9 · macos-latest · node 24.0.0
- GitHub Check: install · yarn-berry · macos-latest · node 24.0.0
- GitHub Check: install · pnpm-11 · macos-latest · node 24.0.0
- GitHub Check: install · pnpm-11 · macos-latest · node 24.12.0
- GitHub Check: install · yarn · macos-latest · node >=22.22.0 <23
- GitHub Check: install · yarn · macos-latest · node 24.12.0
- GitHub Check: install · npm · macos-latest · node 24.0.0
- GitHub Check: install · yarn-berry · macos-latest · node 22.22.0
- GitHub Check: install · bun · macos-latest · node 24.0.0
- GitHub Check: install · pnpm-9 · macos-latest · node 24.12.0
- GitHub Check: install · pnpm-9 · macos-latest · node 22.22.0
- GitHub Check: install · pnpm-10 · macos-latest · node >=22.22.0 <23
- GitHub Check: install · bun · macos-latest · node >=22.22.0 <23
- GitHub Check: install · pnpm-11 · macos-latest · node >=22.22.0 <23
- GitHub Check: install · bun · macos-latest · node 22.22.0
- GitHub Check: install · yarn-berry · macos-latest · node >=22.22.0 <23
- GitHub Check: install · pnpm-9 · macos-latest · node >=22.22.0 <23
- GitHub Check: install · pnpm-11 · macos-latest · node 22.22.0
- GitHub Check: install · bun · windows-latest · node 26.0.0
- GitHub Check: install · yarn-berry · windows-latest · node >=26.0.0 <27
- GitHub Check: install · bun · windows-latest · node >=26.0.0 <27
- GitHub Check: install · pnpm-10 · windows-latest · node >=26.0.0 <27
- GitHub Check: install · yarn · macos-latest · node 22.22.0
- GitHub Check: install · yarn · windows-latest · node >=24.12.0 <25
- GitHub Check: install · npm · windows-latest · node >=26.0.0 <27
- GitHub Check: install · yarn-berry · windows-latest · node 26.0.0
- GitHub Check: install · npm · windows-latest · node >=24.12.0 <25
- GitHub Check: install · yarn · windows-latest · node 26.0.0
- GitHub Check: install · npm · windows-latest · node 26.0.0
- GitHub Check: install · pnpm-9 · windows-latest · node 24.12.0
- GitHub Check: install · pnpm-10 · windows-latest · node 26.0.0
- GitHub Check: install · pnpm-11 · windows-latest · node >=24.12.0 <25
- GitHub Check: install · yarn-berry · windows-latest · node 24.0.0
- GitHub Check: install · pnpm-10 · windows-latest · node >=24.12.0 <25
- GitHub Check: install · pnpm-11 · windows-latest · node 24.12.0
- GitHub Check: install · pnpm-9 · windows-latest · node >=26.0.0 <27
- GitHub Check: install · pnpm-9 · windows-latest · node >=24.12.0 <25
- GitHub Check: install · npm · windows-latest · node 24.12.0
- GitHub Check: install · bun · windows-latest · node 24.0.0
- GitHub Check: install · pnpm-10 · windows-latest · node 24.0.0
- GitHub Check: install · bun · windows-latest · node 22.22.0
- GitHub Check: install · npm · windows-latest · node 22.22.0
- GitHub Check: install · pnpm-10 · windows-latest · node 22.22.0
- GitHub Check: install · pnpm-9 · windows-latest · node >=22.22.0 <23
- GitHub Check: install · pnpm-10 · windows-latest · node >=22.22.0 <23
- GitHub Check: install · yarn · windows-latest · node 22.22.0
- GitHub Check: install · pnpm-11 · windows-latest · node >=22.22.0 <23
- GitHub Check: install · yarn-berry · windows-latest · node >=22.22.0 <23
- GitHub Check: install · bun · windows-latest · node >=22.22.0 <23
- GitHub Check: install · npm · windows-latest · node >=22.22.0 <23
- GitHub Check: install · yarn · windows-latest · node >=22.22.0 <23
- GitHub Check: install · npm · ubuntu-latest · node >=26.0.0 <27
- GitHub Check: install · pnpm-11 · windows-latest · node 22.22.0
- GitHub Check: install · yarn-berry · windows-latest · node 22.22.0
- GitHub Check: install · yarn · ubuntu-latest · node 26.0.0
- GitHub Check: install · yarn-berry · ubuntu-latest · node >=26.0.0 <27
- GitHub Check: install · pnpm-9 · windows-latest · node 24.0.0
- GitHub Check: install · pnpm-9 · windows-latest · node 22.22.0
- GitHub Check: install · yarn-berry · ubuntu-latest · node 26.0.0
- GitHub Check: install · pnpm-11 · ubuntu-latest · node >=26.0.0 <27
- GitHub Check: install · npm · ubuntu-latest · node 26.0.0
- GitHub Check: install · yarn · ubuntu-latest · node >=26.0.0 <27
- GitHub Check: install · pnpm-10 · ubuntu-latest · node >=26.0.0 <27
- GitHub Check: install · bun · ubuntu-latest · node >=26.0.0 <27
- GitHub Check: install · pnpm-9 · ubuntu-latest · node >=26.0.0 <27
- GitHub Check: install · pnpm-10 · ubuntu-latest · node 26.0.0
- GitHub Check: install · bun · ubuntu-latest · node 26.0.0
- GitHub Check: install · bun · ubuntu-latest · node >=24.12.0 <25
- GitHub Check: install · pnpm-11 · ubuntu-latest · node 26.0.0
- GitHub Check: install · pnpm-9 · ubuntu-latest · node >=24.12.0 <25
- GitHub Check: install · yarn-berry · ubuntu-latest · node 24.12.0
- GitHub Check: install · bun · ubuntu-latest · node 24.0.0
- GitHub Check: install · bun · ubuntu-latest · node >=22.22.0 <23
- GitHub Check: install · pnpm-9 · ubuntu-latest · node 26.0.0
- GitHub Check: install · pnpm-9 · ubuntu-latest · node 24.0.0
- GitHub Check: install · npm · ubuntu-latest · node >=24.12.0 <25
- GitHub Check: install · pnpm-10 · ubuntu-latest · node >=22.22.0 <23
- GitHub Check: install · yarn · ubuntu-latest · node 24.12.0
- GitHub Check: install · yarn-berry · ubuntu-latest · node >=22.22.0 <23
- GitHub Check: install · pnpm-9 · ubuntu-latest · node 24.12.0
- GitHub Check: install · bun · ubuntu-latest · node 24.12.0
- GitHub Check: install · yarn · ubuntu-latest · node >=24.12.0 <25
- GitHub Check: install · yarn · ubuntu-latest · node >=22.22.0 <23
- GitHub Check: install · yarn-berry · ubuntu-latest · node 24.0.0
- GitHub Check: install · pnpm-10 · ubuntu-latest · node 24.12.0
- GitHub Check: install · npm · ubuntu-latest · node 24.12.0
- GitHub Check: install · yarn · ubuntu-latest · node 24.0.0
- GitHub Check: install · yarn-berry · ubuntu-latest · node >=24.12.0 <25
- GitHub Check: install · npm · ubuntu-latest · node 24.0.0
- GitHub Check: install · pnpm-11 · ubuntu-latest · node >=24.12.0 <25
- GitHub Check: install · pnpm-10 · ubuntu-latest · node >=24.12.0 <25
- GitHub Check: install · pnpm-9 · ubuntu-latest · node 22.22.0
- GitHub Check: install · npm · ubuntu-latest · node 22.22.0
- GitHub Check: install · pnpm-9 · ubuntu-latest · node >=22.22.0 <23
- GitHub Check: install · pnpm-11 · ubuntu-latest · node 24.0.0
- GitHub Check: install · pnpm-11 · ubuntu-latest · node 24.12.0
- GitHub Check: install · pnpm-11 · ubuntu-latest · node >=22.22.0 <23
- GitHub Check: install · bun · ubuntu-latest · node 22.22.0
- GitHub Check: install · npm · ubuntu-latest · node >=22.22.0 <23
- GitHub Check: install · pnpm-10 · ubuntu-latest · node 24.0.0
- GitHub Check: install · pnpm-10 · ubuntu-latest · node 22.22.0
- GitHub Check: install · pnpm-11 · ubuntu-latest · node 22.22.0
- GitHub Check: install · yarn-berry · ubuntu-latest · node 22.22.0
- GitHub Check: install · yarn · ubuntu-latest · node 22.22.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node 24.12.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node 26.0.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.8.0 <24.10.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=26.0.0 <27
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.12.0 <25
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.5.0 <24.8.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=26.0.0 <27
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.8.0 <24.10.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.10.0 <24.12.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.5.0 <24.8.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.3.0 <24.5.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node 22.22.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node 24.12.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.0.0 <24.1.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node 22.22.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.12.0 <25
- GitHub Check: typecheck · lint · test · build · windows-latest · node 26.0.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.10.0 <24.12.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.3.0 <24.5.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.1.0 <24.3.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.1.0 <24.3.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=22.22.0 <23
- GitHub Check: typecheck · lint · test · build · ubuntu-latest · node 24.12.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=22.22.0 <23
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.0.0 <24.1.0
- GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=24.5.0 <24.8.0
- GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=24.3.0 <24.5.0
- GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=24.12.0 <25
- GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=24.10.0 <24.12.0
- GitHub Check: coverage · upload to Codecov
- GitHub Check: Analyze (javascript-typescript)
- GitHub Check: Analyze (javascript-typescript)
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.3.0 <24.5.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node 24.12.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.0.0 <24.1.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.10.0 <24.12.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node 26.0.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.8.0 <24.10.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=26.0.0 <27
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.1.0 <24.3.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.5.0 <24.8.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.0.0 <24.1.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node >=24.12.0 <25
- GitHub Check: typecheck · lint · test · build · windows-latest · node 22.22.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node 24.12.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.5.0 <24.8.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=22.22.0 <23
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.12.0 <25
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.3.0 <24.5.0
- GitHub Check: typecheck · lint · test · build · macos-latest · node 22.22.0
- GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=26.0.0 <27
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.1.0 <24.3.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.8.0 <24.10.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node 26.0.0
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=26.0.0 <27
- GitHub Check: typecheck · lint · test · build · windows-latest · node >=24.10.0 <24.12.0
- GitHub Check: typecheck · lint · test · build · ubuntu-latest · node 22.22.0
- GitHub Check: typecheck · lint · test · build · ubuntu-latest · node >=24.0.0 <24.1.0
- GitHub Check: coverage · upload to Codecov
🧰 Additional context used
📓 Path-based instructions (3)
**/*.{yml,yaml,json,html,md}
📄 CodeRabbit inference engine (CONTRIBUTING.md)
Do not use the em dash (U+2014) in YAML, Markdown, JSON, or HTML files; the repo-wide
scripts/check-no-em-dash.mtsguard checks tracked files for this character and its HTML entity.
Files:
best_practices.md
**/*.{json,html,md,yaml,yml}
📄 CodeRabbit inference engine (CONTRIBUTING.ja.md)
Avoid using the em dash character (U+2014) in Markdown, JSON, HTML, and YAML files as well; the repository-wide check also blocks the HTML entity form.
Files:
best_practices.md
**
⚙️ CodeRabbit configuration file
**: # Arkor Development GuideNote: Claude Code automatically loads this file.
Repository shape
pnpm + Turbo monorepo. Workspaces are declared in
pnpm-workspace.yaml(packages/*,e2e/*,examples/*,docs).
Path Role packages/arkor Published arkorSDK + CLI + bundled local Studio server (Hono).bin/arkor→dist/bin.mjs. Library entry →dist/index.mjs.packages/create-arkor Published create-arkorscaffolder (pnpm create arkor).packages/cli-internal Private workspace package. Source is bundled into arkorandcreate-arkorvia tsdown'sdeps.alwaysBundle. Never appears as a runtime dependency on npm.packages/studio-app Private Vite + React 19 SPA. pnpm --filter@arkor/studio-appbundlebuilds it;packages/arkor/scripts/copy-studio-assets.mjscopiesdist/intopackages/arkor/dist/assets/.e2e/cli Private vitest suite that spawns the built dist/bin.mjsof both CLIs in temp dirs.e2e/studio Private Playwright suite that spawns arkor devagainst an in-process fake cloud-api and drives the Studio SPA in Chromium.examples/doc-drift Private use-case example: documentation drift check against an Arkor deployment (zero-dependency script + copy-me workflow). docs Mintlify sources for docs.arkor.ai. Common commands
Root scripts fan out via Turbo (which respects
^builddeps in turbo.json):pnpm install pnpm build # turbo run build across all packages pnpm typecheck # tsc --noEmit across all packages pnpm lint # oxlint --deny-warnings, then strict ESLint 10 (single root config each) pnpm format # oxfmt --write across the repo (config in oxfmt.config.ts) pnpm format:check # oxfmt --check; CI gates on this (no wri...
Files:
best_practices.md
🪛 LanguageTool
best_practices.md
[grammar] ~63-~63: Ensure spelling is correct
Context: ...leaseAge, trustPolicy: no-downgrade, blockExoticSubdeps, allowBuilds`). Do not loosen them without justificatio...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
🔇 Additional comments (10)
best_practices.md (6)
62-64: Static analysis spelling hint is a false positive.LanguageTool flags "spelling" near this line, but it's clearly triggered by the adjacent backtick-quoted identifiers (
blockExoticSubdeps,allowBuilds) rather than an actual typo in prose; "justification" is spelled correctly.
10-20: LGTM!
26-38: LGTM!
52-71: LGTM!
73-77: LGTM!
39-51: 🎯 Functional CorrectnessNo action needed:
packages/arkor/src/studio/server.tsandjobEventsPathPatternare present.> Likely an incorrect or invalid review comment..pr_agent.toml (4)
1-9: LGTM!
15-25: LGTM!
27-49: 🎯 Functional Correctness
review_agentstructure andinline_comments_severity_thresholdsemantics check out.Verified against current Qodo v2 docs:
[review_agent]withcomments_location_policy,inline_comments_severity_threshold(1-3 scale, 3=default/action_required, 2=remediation_recommended, 1=informational),issues_user_guidelines, andcompliance_user_guidelinesare all real v2 keys, and lowering the threshold to 2 does what the comment says (surfaces "remediation_recommended" and above inline).This matches documented Qodo v2 behavior, but since it governs a third-party GitHub App's actual runtime behavior, worth a final sanity check once the app is installed and a live PR is opened.
62-66: 📐 Maintainability & Code QualityVerify
[qodo_describe_agent]/publish_modeare real v2 config keys.Every Qodo v2 doc page and real-world
.pr_agent.tomlexample I could find (includingqodo-ai/pr-agent's own dogfooding config) only shows[review_agent]as the agent-scoped table (withenabled/publish_output); none show a distinct[qodo_describe_agent]table or apublish_modekey with"comment"/"pr_description"/"dynamic"values. This may be a newer/undocumented v2 addition, but as written it's unconfirmed and risks being silently ignored by the app if the section/key name is wrong.
[dependency_check]
- Flagging: Qodo v2
.pr_agent.tomlschema —[qodo_describe_agent]table andpublish_modekey.- Action: verify with Qodo's current v2 configuration-and-command-reference docs before relying on this to control describe-output placement.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e5ce1ec1e3
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| pr_commands = [ | ||
| "/agentic_describe", | ||
| "/agentic_review", | ||
| "/generate_labels", |
There was a problem hiding this comment.
Remove unsupported auto label command
On Qodo v2 GitHub App installs, this auto-run list is meant to contain the supported review workflow commands: the current Qodo v2 configuration reference lists [github_app].pr_commands values as /agentic_describe and /agentic_review, while the Generate PR labels page documents /generate_labels as a manual PR comment command (https://docs.qodo.ai/install-and-configure/configuration-overview/configuration-and-command-reference and https://docs.qodo.ai/code-review/generate-pr-labels). Keeping /generate_labels here means the intended automatic label generation on PR open is not covered by the documented v2 automation path and risks the command being ignored or rejected; keep pr_commands to the supported auto commands and configure labels through the documented label feature/manual command instead.
Useful? React with 👍 / 👎.
| ] | ||
| handle_push_trigger = true | ||
| push_commands = [ | ||
| "/agentic_describe", |
There was a problem hiding this comment.
Keep push triggers to review commands
When new commits are pushed, Qodo v2 documents [github_app].push_commands as accepting /agentic_review only, and the persistent-review setup example uses just that command (https://docs.qodo.ai/install-and-configure/configuration-overview/configuration-and-command-reference and https://docs.qodo.ai/code-review/persistent-review-comments). Including /agentic_describe here means the desired PR-summary refresh on push is outside the documented automation path and may be ignored or fail, so the push trigger should use the supported review command rather than relying on describe to run automatically.
Useful? React with 👍 / 👎.
- Remove the stale 'CLI runtime strings are exempt' note from the no-em-dash rule in both files: ENG-764 removed that carve-out repo-wide (CONTRIBUTING.md + local/no-em-dash + scripts/check-no-em-dash.mts all say no carve-out). - Drop /generate_labels from [github_app].pr_commands (it is a manual PR-comment command in v2, not an auto entry) and reduce push_commands to /agentic_review, the documented persistent-review trigger.
Code Review BotNo comment/code divergences or documentation drift detected. Reviewed 2 file(s); skipped 0. |
CI's format:check step (oxfmt --check) flagged .pr_agent.toml: oxfmt formats TOML too, and it collapses the pr_commands/push_commands arrays onto one line since they fit in printWidth 80. oxfmt owns formatting, so take its output. The triple-quoted [review_agent] guideline strings are unaffected and the TOML still parses.
|
@sentry review |
|
Codex Review: Didn't find any major issues. 🎉 Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
What
Adds repo-level configuration for the latest Qodo (v2, the "Qodo Platform" / Qodo Review generation, successor to Qodo Merge / PR-Agent v1), so the hosted Qodo GitHub app reviews PRs against this repo's conventions.
Two root files, both in the current v2 agentic shape:
.pr_agent.toml:[github_app]automation:pr_commands = ["/agentic_describe", "/agentic_review"]on PR open, andhandle_push_trigger = truewithpush_commands = ["/agentic_review"]on push./agentic_reviewfolds in the old/review+/improve+/compliance, so a single command gives review plus code suggestions.[review_agent]:comments_location_policy = "both",inline_comments_severity_threshold = 2, and repo-specificissues_user_guidelines(Studio CSRF invariants, catalog rule, no formatting/import-order noise) +compliance_user_guidelines(bilingual docs, no em dashes, do-not-"fix" review-bot pitfalls).[qodo_describe_agent]:publish_mode = "comment"(does not overwrite a human-authored PR body).best_practices.md: the Arkor coding standard Qodo's compliance agent references. Invariants distilled from CONTRIBUTING.md / AGENTS.md / the actualpackages/arkorsource.Config is kept minimal (only deliberate settings, no full-default copy) so future Qodo default changes still flow through.
Version note
.pr_agent.tomlat the repo root is the correct file for both v1 and v2, but v2 replaces the legacy/review/describe/improvetools and[pr_reviewer]/[pr_description]sections with the/agentic_*commands and the[review_agent]/[qodo_describe_agent]sections used here. Every section/key was verified against the current v2 docs. For a single repo,best_practices.md's presence at the root is the enable trigger; the org-widepr-agent-settingsrepo is not used.Preconditions to take effect
main: Qodo reads both files from the default branch root, so nothing applies until this lands.Review follow-ups addressed
/describe,/review,/improve,[pr_reviewer],[pr_description]) to the v2 agentic format (Codex)./generate_labelsfrompr_commands(it is a manual PR-comment command in v2, not an auto entry) and reducedpush_commandsto/agentic_reviewper the documented persistent-review trigger (Codex).main:eventStreamPathPattern-> realjobEventsPathPattern; dropped an HMR-primitives section for APIs not implemented onmain(Codex).Verification
packages/arkor/src.No code paths change, so no unit/e2e tests apply. No
README/docschanges, so no bilingual doc pairing is required.Summary by CodeRabbit