Skip to content

feat(pr-bot): gate auto-merge on coderabbit approval + 3-strikes close#508

Merged
plind-junior merged 1 commit into
testfrom
feat/coderabbit-merge-gate
Jul 16, 2026
Merged

feat(pr-bot): gate auto-merge on coderabbit approval + 3-strikes close#508
plind-junior merged 1 commit into
testfrom
feat/coderabbit-merge-gate

Conversation

@plind-junior

Copy link
Copy Markdown
Member

makes CodeRabbit a hard merge gate instead of advisory, and auto-closes
PRs it keeps rejecting. builds on #507 (which swapped claude for coderabbit).

what changes

  • coderabbit approval now gates auto-merge. a new coderabbit-gate
    workflow reads coderabbit's review verdict via the api and publishes a
    coderabbit-approved commit status. setup_repo_guards.sh adds that
    status to the branch ruleset's required checks, so a labeled non-core pr
    only auto-merges once coderabbit approves — on top of ci + trust-gate +
    codeowners. org admins keep the ruleset bypass to override when needed.
  • fresh pushes can't ride a stale approval. the verdict is scoped to
    the pr head commit via each review's commit_id; a new commit with no
    coderabbit review yet reports pending, which holds the merge.
  • 3 strikes and it's closed. a pr coderabbit requests changes on 3
    distinct commits without an approval is auto-closed with an explaining,
    reopenable comment. the owner and bots are exempt so they can keep
    iterating.

how it's kept safe

the decision logic (coderabbit_verdict / gate_status / should_close)
lives in pr_bot.py as pure stdlib and is covered by tests. the workflow
reads only review metadata and checks out the trusted base ref — no
untrusted head code runs; every event field is passed through env, not
interpolated into a run block.

owner follow-up

after merge to test, re-run bash scripts/setup_repo_guards.sh test
(and the same for main) so the ruleset actually requires the new
coderabbit-approved check.

make coderabbit a hard merge gate instead of advisory. the new
coderabbit-gate workflow reads coderabbit's review verdict via the api
and publishes a `coderabbit-approved` commit status, which the branch
ruleset now requires — so a labeled non-core pr only auto-merges once
coderabbit approves, on top of ci + trust-gate + codeowners.

the verdict is scoped to the pr head commit (via each review's
commit_id), so a fresh push drops back to pending and cannot ride a
stale approval through the gate.

a pr coderabbit requests changes on 3 distinct commits without an
approval is auto-closed with an explaining comment; the owner and bots
are exempt so they can keep iterating. the decision logic
(coderabbit_verdict / gate_status / should_close) lives in pr_bot.py as
pure stdlib and is covered by tests. the workflow reads only review
metadata and checks out the trusted base ref — no untrusted head code
runs. org admins keep the ruleset bypass to override the gate when
needed.
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@plind-junior, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 2 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 440ffda5-77e2-4f83-a22e-4adf52d649b8

📥 Commits

Reviewing files that changed from the base of the PR and between d751637 and cf434a1.

📒 Files selected for processing (6)
  • .coderabbit.yaml
  • .github/workflows/coderabbit-gate.yml
  • CHANGELOG.md
  • scripts/setup_repo_guards.sh
  • src/vouch/pr_bot.py
  • tests/test_pr_bot.py
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/coderabbit-merge-gate

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added docs documentation, specs, examples, and repo guidance ci github actions and automation tests tests and fixtures size: M 200-499 changed non-doc lines ci: passing ci is green labels Jul 16, 2026
@plind-junior plind-junior merged commit bfb6b0a into test Jul 16, 2026
12 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci: passing ci is green ci github actions and automation docs documentation, specs, examples, and repo guidance size: M 200-499 changed non-doc lines tests tests and fixtures

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant