feat: add AI bot review verification to pr-loop and full-loop workflows (t129)

[alex-solovyev]

Summary

• Add verification steps before acting on AI bot review feedback (CHANGES_REQUESTED) across pr-loop, full-loop, and quality-loop workflows
• AI code review bots (Gemini, CodeRabbit, Copilot) can hallucinate — claiming Docker image versions don't exist, flagging correct file paths as wrong, or suggesting fixes that break working code
• This ensures agents verify factual claims against runtime/docs/project conventions before implementing bot suggestions

Changes

File	Change
pr-loop.md	Added "AI Bot Review Verification" section with 4-step verification workflow
full-loop.md	Updated OpenProse example to include evaluation step for review feedback
quality-loop-helper.sh	Added warning message in CHANGES_REQUESTED handler
build.txt	Added "AI Suggestion Verification" rule
AGENTS.md	Added "Bot Reviewer Feedback" guidance section

Task

Closes t129 from TODO.md

Summary by CodeRabbit

• Documentation
  • Added guidance to always verify AI code-review suggestions against runtime, docs, and project conventions before applying.
  • Introduced a clear verification workflow: check factual claims, dismiss incorrect suggestions with evidence, and address valid feedback.
  • Inserted explicit reminders in PR and review guidance to validate AI recommendations and re-run lint/type checks after changes.

[gemini-code-assist]

Summary of Changes

Hello @alex-solovyev, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the robustness of automated development workflows by introducing a critical verification layer for feedback received from AI code review bots. The primary goal is to mitigate risks associated with AI 'hallucinations' by ensuring that all bot-generated suggestions are fact-checked against reliable sources before implementation. This change aims to improve the reliability and correctness of code changes driven by AI feedback, thereby streamlining the development process while maintaining code quality.

Highlights

• AI Bot Review Verification: Introduced explicit verification steps for AI bot review feedback (e.g., from Gemini, CodeRabbit, Copilot) across pr-loop, full-loop, and quality-loop workflows to prevent blindly implementing potentially incorrect suggestions.
• Addressing AI Hallucinations: Added warnings and guidelines emphasizing that AI code review bots can 'hallucinate' (e.g., incorrect versions, file paths, or breaking fixes) and that factual claims must be verified against runtime, documentation, or project conventions.
• Workflow Integration: Integrated the verification process directly into the pr-loop and full-loop documentation, and added a warning message to the quality-loop-helper.sh script when 'CHANGES_REQUESTED' status is encountered.
• Documentation Updates: Updated AGENTS.md with a 'Bot Reviewer Feedback' guidance section and build.txt with an 'AI Suggestion Verification' rule, reinforcing the need for critical evaluation of AI suggestions.

Changelog

• .agent/AGENTS.md
  • Added a new section 'Bot Reviewer Feedback' providing guidance on how to handle suggestions from AI code review bots, emphasizing verification.
• .agent/prompts/build.txt
  • Included a new rule '# AI Suggestion Verification' detailing the importance of independently verifying AI tool suggestions before application.
• .agent/scripts/commands/full-loop.md
  • Modified the 'changes requested' step to explicitly include evaluation of review feedback, requiring verification of factual claims and addressing valid suggestions.
• .agent/scripts/commands/pr-loop.md
  • Added a new section 'AI Bot Review Verification' with a detailed 4-step process for verifying and acting upon feedback from AI review bots.
  • Updated the 'Changes requested' item to highlight the need for verification before acting on feedback.
• .agent/scripts/quality-loop-helper.sh
  • Inserted a print_warning message when 'CHANGES_REQUESTED' status is detected, reminding users to verify bot suggestions due to potential hallucinations.

Activity

• The pull request introduces new features and documentation, reflecting initial development activity.
• No specific review comments or discussions have been recorded yet, indicating it's likely a fresh submission or early in its review cycle.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 24 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Fri Feb 6 17:02:17 UTC 2026: Code review monitoring started
Fri Feb 6 17:02:18 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 24
Fri Feb 6 17:02:18 UTC 2026: Qlty - 0 issues found, auto-formatting applied
Fri Feb 6 17:02:20 UTC 2026: Codacy analysis completed with auto-fixes

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 24
• VULNERABILITIES: 0

Generated on: Fri Feb 6 17:02:23 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[coderabbitai]

Walkthrough

This PR inserts AI-reviewer verification guidance across agent docs and scripts, adding policy text and expanded session prompts that instruct verifying AI suggestions against runtime, docs, and project conventions; changes are informational only and do not modify control flow or exported interfaces.

Changes

Cohort / File(s)	Summary
Agent Documentation ​.agent/AGENTS.md, ​.agent/scripts/commands/full-loop.md, ​.agent/scripts/commands/pr-loop.md	Added guidance and a new subsection instructing verification of AI reviewer suggestions: check factual claims vs runtime/docs/conventions, dismiss incorrect suggestions with evidence, address valid feedback, and re-request review. Minor wording expansions in session descriptions.
AI Prompts ​.agent/prompts/build.txt	Inserted "AI Suggestion Verification" policy block and "Model-Specific Reinforcements" reminders (behavioral guidance: verify claims, follow project conventions, avoid unnecessary comments, run lint/type checks).
Quality Loop Tooling ​.agent/scripts/quality-loop-helper.sh	Replaced CHANGES_REQUESTED messaging with a warning about possible AI hallucinations and an explicit prompt to verify suggestions against runtime/docs before implementing; updated follow-up messaging to reference verified feedback.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• feat: add /pr-loop slash command for iterative PR monitoring #251 — Adds related PR-loop documentation changes that complement the verification workflow inserted here.
• chore: implement agent-review session improvements #27 — Similar updates to agent docs and PR/agent review flows emphasizing verification of AI suggestions.

Poem

🤖 Tiny prompts that caution and guide,
Verify claims before you decide.
Docs and runtime, test and trace,
Keep reviews honest—code with grace. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the primary change: adding AI bot review verification to pr-loop and full-loop workflows, which aligns with all file modifications documented in the summary.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/t129-ai-bot-review-verification

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces a crucial verification step for feedback from AI code review bots across several workflows. The changes include updates to documentation, AI prompts, and shell scripts to warn users and agents about the possibility of AI hallucinations and to enforce a verification process. The implementation is solid and the documentation is clear. I have a couple of minor suggestions to improve the readability of a warning message and a documentation snippet.

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 24 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Fri Feb 6 17:07:39 UTC 2026: Code review monitoring started
Fri Feb 6 17:07:40 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 24
Fri Feb 6 17:07:40 UTC 2026: Qlty - 0 issues found, auto-formatting applied
Fri Feb 6 17:07:42 UTC 2026: Codacy analysis completed with auto-fixes

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 24
• VULNERABILITIES: 0

Generated on: Fri Feb 6 17:07:45 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.agent/scripts/commands/pr-loop.md:
- Around line 57-66: Replace the "AI Bot Review Verification" block (currently
lines 57-66 in .agent/scripts/commands/pr-loop.md) with a single concise pointer
to the authoritative guidance in .agent/AGENTS.md:261; specifically, remove the
duplicated verification steps and replace them with one sentence such as "For
handling AI code reviewer feedback, see Bot Reviewer Feedback guidance in
.agent/AGENTS.md:261." Ensure the new line references AGENTS.md:261 exactly and
preserves surrounding headings/formatting in pr-loop.md.