chore: wire CodeRabbit daily review to issue creation and dispatch pipeline

[marcusquinn]

Summary

• Closes the loop on the daily CodeRabbit codebase review (issue Daily CodeRabbit Pulse Review #2386) which was producing findings that sat unprocessed as comments
• The supervisor now asks CodeRabbit to create one GitHub issue per finding (labelled coderabbit-pulse + auto-dispatch), which the normal pulse dispatch pipeline picks up and assigns to workers
• No new scripts — leverages CodeRabbit's native issue creation and the existing supervisor dispatch queue

Changes

• coderabbit.md: Documents the daily review flow (trigger -> review -> issue creation -> dispatch)
• pulse.md: Adds Step 7b for daily CodeRabbit review with 24h cooldown guard
• pulse.md: Adds auto-dispatch priority guidance to Step 3 tie-breaking rules

Note

.github/workflows/review-pulse.yml also needs updating (currently references archived scripts that don't exist). The updated file is in the worktree but couldn't be pushed due to OAuth workflow scope. The workflow update replaces the broken script-based approach with a lightweight issue-comment trigger matching the new flow.

Flow

Daily schedule (3 AM UTC or supervisor pulse)
  -> Comment on #2386: "@coderabbitai full codebase review"
  -> CodeRabbit posts findings
  -> Next pulse: "please open issues for each finding"
  -> CodeRabbit creates issues (coderabbit-pulse + auto-dispatch labels)
  -> Normal supervisor pulse picks them up via gh issue list
  -> Workers dispatched via /full-loop

Summary by CodeRabbit

Release Notes

• New Features

  • Added a new daily CodeRabbit codebase review workflow that automatically triggers once per day to scan the entire codebase.

• Documentation

  • Expanded priority logic for automated issue dispatch with enhanced tie-breaking rules.
  • Updated documentation describing the daily review workflow and how findings are processed into actionable issues.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Warning

Rate limit exceeded

@marcusquinn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 22 minutes and 6 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 838952a and 4bfdeff.

📒 Files selected for processing (2)

• .agents/scripts/commands/pulse.md
• .agents/tools/code-review/coderabbit.md

Walkthrough

This PR implements an automated daily CodeRabbit full-codebase review workflow with guard logic in the pulse script and detailed documentation for triggered issue creation and findings dispatch. Updates priority tie-breaking logic to handle auto-dispatch labels in the task orchestration flow.

Changes

Cohort / File(s)	Summary
Daily CodeRabbit Review Workflow .agents/scripts/commands/pulse.md	Added Step 7b with guard logic, timestamp checks, and GitHub interactions to trigger daily full-codebase CodeRabbit review (appears in two locations). Expanded Step 3 priority tie-breaking to treat auto-dispatch-labeled issues as priority 6, with downgrade to priority 5 for security/critical severity.
CodeRabbit Daily Review Documentation .agents/tools/code-review/coderabbit.md	Replaced terse note with detailed "Daily Full Codebase Review" workflow steps (trigger, review, issue creation, pickup, dispatch). Added explicit guidance on issue title formatting, label assignment, body content structure, and clarified use of native GitHub issue creation instead of bash scripts. Tied to issue #2386 with coderabbit-pulse and auto-dispatch labels.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• t1032.5: Wire Phase 10b to unified audit orchestrator #1377: Modifies the CodeRabbit audit findings workflow and task-creation orchestration in Phase 10b, directly overlapping with this daily-review implementation.
• t299: Close self-improvement feedback loop — auto-create TODO tasks from quality findings #1170: Adds automated post-CodeRabbit steps to convert audit findings into actionable work items (TODO.md and commits), aligned with this PR's findings-to-issues pattern.
• fix: scrub private repo names from public issue tracker and add automated sanitization #2303: Modifies pulse workflow Step 3 tie-breaking logic for priority resolution, overlapping with the auto-dispatch label handling in this PR.

Suggested labels

needs-review

Poem

🤖✨ Each dawn, CodeRabbit wakes to scan,
The codebase deep with careful plan,
Guard logic strong, no stone unturned,
From findings found, fresh issues earned,
A quality flow, now automated—pristine! 📋

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: wiring CodeRabbit's daily review output to an issue creation and dispatch pipeline, which is the core objective of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/coderabbit-pulse-issue-sync

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 88 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Feb 26 23:28:29 UTC 2026: Code review monitoring started
Thu Feb 26 23:28:29 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 88

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 88
• VULNERABILITIES: 0

Generated on: Thu Feb 26 23:28:31 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.agents/scripts/commands/pulse.md:
- Line 436: Update the broken internal doc reference in
.agents/scripts/commands/pulse.md by replacing the string
"tools/code-review/coderabbit.md" with the correct relative path
".agents/tools/code-review/coderabbit.md" so the link points to the existing
file; search for the exact token "tools/code-review/coderabbit.md" in pulse.md
and update it accordingly.
- Around line 420-430: The pulse script currently posts the "open issues for
each finding" comment unconditionally (the gh issue comment 2386 --repo ...
command), so add an idempotency read-before-write: before running that gh issue
comment command, query existing comments on issue 2386 (e.g., via gh issue
comment list or gh api /repos/:owner/:repo/issues/2386/comments) and search for
a unique marker/phrase that will be included in the post (for example the exact
line "Yes, please open issues for each finding." or a hidden token like
"[coderabbit-open-issues]"); only call gh issue comment --repo ... --body ... if
that marker is not already present. Update the pulse handler that performs the
"On the next pulse (2 minutes later)" step to perform this read-check and then a
single post to avoid duplicate requests.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2147c53 and 838952a.

📒 Files selected for processing (2)

• .agents/scripts/commands/pulse.md
• .agents/tools/code-review/coderabbit.md

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 88 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Feb 26 23:46:31 UTC 2026: Code review monitoring started
Thu Feb 26 23:46:32 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 88

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 88
• VULNERABILITIES: 0

Generated on: Thu Feb 26 23:46:34 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 88 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Fri Feb 27 00:03:27 UTC 2026: Code review monitoring started
Fri Feb 27 00:03:28 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 88

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 88
• VULNERABILITIES: 0

Generated on: Fri Feb 27 00:03:30 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud