t2980: fix review-bot-gate to distinguish rate-limit notices from real reviews

[marcusquinn]

Summary

• Fix review-bot-gate-helper.sh and review-bot-gate.yml to check comment content, not just comment existence, when determining if a bot has reviewed a PR
• Rate-limit/quota notices from CodeRabbit and Gemini Code Assist are now correctly identified and excluded from the "reviewed" count
• When all bot comments are rate-limit notices, the gate returns WAITING instead of incorrectly returning PASS

Problem

Closes #2980

When bots hit rate limits, they post notices like "Rate limit exceeded" or "You have reached your daily quota limit". The gate was counting these as valid reviews because it only checked whether a known bot username appeared in the commenter list — not what the comment actually said. This caused 12+ PRs with zero real reviews to show PASS.

Changes

.agents/scripts/review-bot-gate-helper.sh:

• Added RATE_LIMIT_PATTERNS array with known rate-limit/quota message patterns
• Added is_rate_limit_comment() function to check if a comment body matches any rate-limit pattern
• Added bot_has_real_review() function that fetches comment bodies (base64-encoded to handle multi-line content), decodes them, and checks each against rate-limit patterns
• Updated do_check() to validate comment content before counting a bot as having reviewed
• Updated do_list() to show rate-limit status per bot

.github/workflows/review-bot-gate.yml:

• Same rate-limit filtering logic inlined as helper functions
• Updated gate result and summary steps to show rate-limited bots separately
• Added rate_limited_bots output for visibility

Testing

Verified against real PRs:

• PR GH#2952: Extract session flag paths to script-level constants in pulse-wrapper.sh #2978 (rate-limited only): correctly returns WAITING with "Bots posted rate-limit notices only"
• PR t1405: scope boundary for worker dispatch — pulse dispatches only within pulse-enabled repos #2933 (real CodeRabbit review): correctly returns PASS
• ShellCheck: zero violations

Summary by CodeRabbit

• New Features

  • Added rate-limit detection for review bots to identify non-review notices.
  • Enhanced status reporting with per-bot rate-limit information.

• Bug Fixes

  • Improved bot review evaluation to distinguish real reviews from rate-limit notices.
  • Updated gate decision logic to properly handle rate-limited bots separately from real reviews.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Walkthrough

This PR fixes a bug where review-bot-gate incorrectly treats rate-limit notices from bots as actual code reviews. Two new functions detect rate-limit patterns and validate that bot comments contain genuine reviews before counting them as passed gate checks.

Changes

Cohort / File(s)	Summary
Rate-Limit Detection Functions .agents/scripts/review-bot-gate-helper.sh	Added is_rate_limit_comment() to identify rate-limit/quota patterns and bot_has_real_review() to aggregate reviews, issue comments, and review comments using base64-encoding for safe multi-line handling and verify actual review content.
Gate Logic Enhancement .agents/scripts/review-bot-gate-helper.sh	Enhanced do_check() to distinguish real reviews from rate-limit notices; tracks rate-limited bots separately and returns PASS only for genuine reviews or WAITING for rate-limit-only scenarios.
Workflow Integration .github/workflows/review-bot-gate.yml	Updated decision logic to use new rate-limit detection, differentiate between real reviews and rate-limited notices in outputs, and adjust gate messages and summaries to reflect actual review status.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• t1382: Enforce wait-for-review-bots gate before PR merge #2739: Extends the review-bot gate workflow with rate-limit detection logic directly integrated into the same helper script functions.
• t2839: Fix cmd_pr_lifecycle fast-path merging PRs with zero reviews #2842: Affected by changes to review-bot-gate-helper behavior that this PR modifies through new detection functions.

Suggested labels

bug

Poem

🤖 The bots cried "quota!" with a rate-limit wail,
But the gate saw no truth—just a comment's false tale.
Now patterns reveal what is real from pretend,
PASS means real review (not "rate-limited") friend! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: fixing review-bot-gate to distinguish rate-limit notices from real reviews, which is the core objective of the PR.
Linked Issues check	✅ Passed	The PR fully implements all requirements from issue #2980: rate-limit pattern detection [#2980], bot_has_real_review logic [#2980], WAITING return on rate-limit-only scenarios [#2980], and safe multi-line handling via base64 encoding [#2980].
Out of Scope Changes check	✅ Passed	All changes are directly aligned with issue #2980 objectives: rate-limit detection scaffolding, bot comment validation logic, gate decision flow updates, and status messaging are all in-scope and necessary.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bugfix/review-bot-gate-rate-limit-filter

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 108 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Fri Mar 6 05:17:12 UTC 2026: Code review monitoring started
Fri Mar 6 05:17:12 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 108

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 108
• VULNERABILITIES: 0

Generated on: Fri Mar 6 05:17:14 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[marcusquinn]

Resolves #2980

[coderabbitai]

🧹 Nitpick comments (2)

.agents/scripts/review-bot-gate-helper.sh (1)

86-97: Use printf instead of echo for safer pattern matching.

If $body ever starts with a dash (e.g., -e or -n), echo may interpret it as an option, causing unexpected behavior. Using printf '%s' is more robust.

🔧 Suggested improvement

 is_rate_limit_comment() {
 	# Check if a comment body matches any known rate-limit/quota pattern.
 	# Returns 0 if the comment IS a rate-limit notice (not a real review).
 	local body="$1"

 	for pattern in "${RATE_LIMIT_PATTERNS[@]}"; do
-		if echo "$body" | grep -qi "$pattern"; then
+		if printf '%s' "$body" | grep -qi "$pattern"; then
 			return 0
 		fi
 	done
 	return 1
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/review-bot-gate-helper.sh around lines 86 - 97, The function
is_rate_limit_comment uses echo to pass $body to grep which can misinterpret
leading dashes; update the body feeding to use printf '%s' "$body" when checking
each RATE_LIMIT_PATTERNS entry so pattern matching is robust even if $body
begins with '-' or contains backslashes; keep the loop over RATE_LIMIT_PATTERNS
and the grep -qi check and preserve the same return values from
is_rate_limit_comment.

.github/workflows/review-bot-gate.yml (1)

95-133: Same printf vs echo consideration applies here.

The inline is_rate_limit_comment function has the same minor robustness concern as the helper script at line 99.

Note on code duplication: These helper functions are intentionally mirrored from the shell script for workflow portability. This creates a maintenance burden — changes need to be synchronized between both files. Consider documenting this relationship in a comment.

🔧 Optional: add sync reminder comment

+          # Helper: check if a comment body is a rate-limit notice
+          # NOTE: Mirrored from .agents/scripts/review-bot-gate-helper.sh — keep in sync
           is_rate_limit_comment() {
             local body="$1"
             for pattern in "${RATE_LIMIT_PATTERNS[@]}"; do
-              if echo "$body" | grep -qi "$pattern"; then
+              if printf '%s' "$body" | grep -qi "$pattern"; then
                 return 0
               fi
             done
             return 1
           }

+          # Helper: check if a bot has at least one real review (not rate-limited)
+          # NOTE: Mirrored from .agents/scripts/review-bot-gate-helper.sh — keep in sync
           bot_has_real_review() {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/review-bot-gate.yml around lines 95 - 133, The helper
functions is_rate_limit_comment and bot_has_real_review use echo to emit/print
values; replace those echo uses (e.g., echo "$body", echo "$encoded", echo "")
with printf to avoid issues with leading hyphens, backslashes, or format-string
interpretation and make the parsing robust, and add a short comment above these
helpers noting they are mirrored from the shell script and must be kept in sync
to reduce maintenance drift.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.agents/scripts/review-bot-gate-helper.sh:
- Around line 86-97: The function is_rate_limit_comment uses echo to pass $body
to grep which can misinterpret leading dashes; update the body feeding to use
printf '%s' "$body" when checking each RATE_LIMIT_PATTERNS entry so pattern
matching is robust even if $body begins with '-' or contains backslashes; keep
the loop over RATE_LIMIT_PATTERNS and the grep -qi check and preserve the same
return values from is_rate_limit_comment.

In @.github/workflows/review-bot-gate.yml:
- Around line 95-133: The helper functions is_rate_limit_comment and
bot_has_real_review use echo to emit/print values; replace those echo uses
(e.g., echo "$body", echo "$encoded", echo "") with printf to avoid issues with
leading hyphens, backslashes, or format-string interpretation and make the
parsing robust, and add a short comment above these helpers noting they are
mirrored from the shell script and must be kept in sync to reduce maintenance
drift.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: dafe214d-9a5e-4b7a-bf67-474f66bcd2e0

📥 Commits

Reviewing files that changed from the base of the PR and between 4b4adeb and df8a16b.

📒 Files selected for processing (2)

• .agents/scripts/review-bot-gate-helper.sh
• .github/workflows/review-bot-gate.yml