t1422: Cap quality-debt PR blast radius at 5 files to prevent conflict cascades

[marcusquinn]

Summary

Adds systemic controls to prevent the quality-debt PR conflict cascade observed in March 2026, where 19 of 30 open PRs were CONFLICTING because batch quality-debt PRs touched 10-69 files each.

Root cause: Multiple quality-debt workers dispatched concurrently create large-batch PRs that all touch overlapping files. Each merge moves main, invalidating every other PR's base. The cascade is self-reinforcing — the longer the queue, the more conflicts, the slower the merges.

Changes

pulse.md — Supervisor dispatch rules

• 5-file hard cap: Quality-debt PRs must touch at most 5 files
• File-level dedup: Skip dispatch if an open PR already touches the same files
• Serial merge pipeline: Only one quality-debt PR open per repo at a time — merge first, then dispatch next
• Stale PR cleanup: Auto-close conflicting quality-debt PRs older than 24 hours with explanation

full-loop.md — Worker-side enforcement

• 5-file cap with detection: Workers count changed files before PR creation and split if over 5
• Follow-up issue creation: Workers file issues for remaining files beyond the 5-file cap
• Scope: Applies only to quality-debt, simplification-debt, and batch-fix tasks — not features or bug fixes

PR Queue Cleanup (done in this session)

• Closed 18 conflicting quality-debt PRs with explanation comments
• Merged 3 approved+mergeable PRs (fix: HIGH quality-debt batch — logic bugs, exit codes, path typo, arg guards #3947, t1418: Deduplicate claim-task-id.sh guidance (3x → 1x canonical) #3925, fix: security hardening — path traversal, injection, jq filter bug (batch 3) #3877)
• Reduced open PRs from 30 → 9

Evidence

Metric	Before	After
Open PRs	30	9
Conflicting PRs	19 (63%)	0 (0%)
Largest PR (files)	69	4 (this PR: 2 content files)

Closes #3955

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical issue of merge conflict cascades caused by large quality-debt PRs. By introducing systemic controls at both the supervisor and worker levels, it aims to limit the "blast radius" of such PRs to a maximum of 5 files. This strategy is designed to significantly reduce conflicts, accelerate merges, and improve the overall stability of the development pipeline, as evidenced by the immediate reduction in open and conflicting PRs.

Highlights

• Quality-debt PR blast radius cap: Implemented a hard cap of 5 files for quality-debt, simplification-debt, and batch-fix PRs to prevent conflict cascades.
• Supervisor dispatch rules (pulse.md): Introduced rules for the supervisor, including preferring per-file issues, file-level deduplication before dispatch, and a serial merge pipeline for quality-debt PRs.
• Worker-side enforcement (full-loop.md): Workers will now count changed files before PR creation, split work if over 5 files, and create follow-up issues for remaining tasks.
• Stale PR cleanup: Added an automated process to close conflicting quality-debt PRs older than 24 hours, with an explanation and relabeling of issues.

Changelog

• .agents/scripts/commands/full-loop.md
  • Added a new section detailing the "Quality-debt blast radius cap" (t1422).
  • Provided a rationale for the 5-file cap, explaining how large PRs lead to conflict cascades.
  • Outlined compliance steps for workers, including implementing only the first 5 files, filing follow-up issues, and avoiding single large PRs.
  • Included a bash script snippet for detecting changed files and warning if the 5-file limit is exceeded.
  • Clarified that this rule applies only to quality-debt, simplification-debt, and batch-fix tasks, not features or bug fixes.
• .agents/scripts/commands/pulse.md
  • Introduced a new section "Quality-debt PR blast radius cap (t1422)" explaining the problem and the 5-file rule.
  • Detailed three enforcement mechanisms for the pulse: preferring per-file issues, file-level deduplication before dispatch, and a serial merge pipeline for quality-debt PRs.
  • Included bash script examples for checking open PR files and open quality-debt PRs.
  • Provided a justification for the 5-file limit based on conflict probability.
  • Added a new section "Stale quality-debt PR cleanup" with instructions and a bash command for automatically closing conflicting quality-debt PRs older than 24 hours.

Activity

• Closed 18 conflicting quality-debt PRs with explanation comments.
• Merged 3 approved and mergeable PRs (fix: HIGH quality-debt batch — logic bugs, exit codes, path typo, arg guards #3947, t1418: Deduplicate claim-task-id.sh guidance (3x → 1x canonical) #3925, fix: security hardening — path traversal, injection, jq filter bug (batch 3) #3877).
• Reduced open PRs from 30 to 9.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Warning

Rate limit exceeded

@marcusquinn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 22 minutes and 56 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 176afd70-f06c-4a32-a938-82c5e1db5865

📥 Commits

Reviewing files that changed from the base of the PR and between ed2474f and 614e4f9.

📒 Files selected for processing (2)

• .agents/scripts/commands/full-loop.md
• .agents/scripts/commands/pulse.md

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/t1422-quality-debt-pr-cascade

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 393 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Mon Mar 9 04:18:59 UTC 2026: Code review monitoring started
Mon Mar 9 04:18:59 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 393

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 393
• VULNERABILITIES: 0

Generated on: Mon Mar 9 04:19:02 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[gemini-code-assist]

Code Review

This pull request introduces a valuable strategy to cap the size of quality-debt PRs, which will help prevent merge conflict cascades and improve the overall development workflow. The documentation changes are clear and well-structured. My review focuses on improving the robustness of the example shell scripts in pulse.md by removing error suppression that could hide important system or authentication issues, in line with repository guidelines.

_{Note: Security Review has been skipped due to the limited scope of the PR.}

[gemini-code-assist]

Using 2>/dev/null here suppresses all error messages from the gh and jq commands. This can hide important issues like authentication failures, network problems, or incorrect repository slugs, leading to silent failures that are difficult to debug.

This practice violates a general rule for this repository: 'Avoid using '2>/dev/null' for blanket suppression of command errors in shell scripts to ensure that authentication, syntax, or system issues remain visible for debugging.'

Please remove the error suppression. The gh pr list command will gracefully handle cases with no open PRs by returning an empty list, which jq will process without error.

Suggested change

	OPEN_PR_FILES=$(gh pr list --repo <slug> --state open --json number,files \
	--jq '[.[].files[].path] | unique | .[]' 2>/dev/null)
	OPEN_PR_FILES=$(gh pr list --repo <slug> --state open --json number,files \
	--jq '[.[].files[].path] | unique | .[]')

References

1. Avoid using '2>/dev/null' for blanket suppression of command errors in shell scripts to ensure that authentication, syntax, or system issues remain visible for debugging.

[gemini-code-assist]

Similar to the previous comment, using 2>/dev/null here hides potentially critical errors from gh and jq, such as authentication or syntax issues. While || echo 0 provides a fallback for when no matching PRs are found, it's better to let genuine errors surface for easier debugging.

This violates the repository's general rule: 'In shell scripts with 'set -e' enabled, use '|| true' to prevent the script from exiting when a command like 'jq' fails on an optional lookup. Do not suppress stderr with '2>/dev/null' so that actual syntax or system errors remain visible for debugging.'

Removing 2>/dev/null will make the script more robust by allowing system and authentication errors to be visible, while the || echo 0 will still correctly handle the case where no matching PRs are found.

Suggested change

	OPEN_DEBT_PRS=$(gh pr list --repo <slug> --state open \
	--json number,title,labels \
	--jq '[.[] | select(.labels[]?.name == "quality-debt" or (.title | test("quality.debt|fix:.*batch|fix:.*harden"; "i")))] | length' \
	2>/dev/null || echo 0)
	OPEN_DEBT_PRS=$(gh pr list --repo <slug> --state open \
	--json number,title,labels \
	--jq '[.[] | select(.labels[]?.name == "quality-debt" or (.title | test("quality.debt|fix:.*batch|fix:.*harden"; "i")))] | length' \
	|| echo 0)

References

1. In shell scripts with 'set -e' enabled, use '|| true' to prevent the script from exiting when a command like 'jq' fails on an optional lookup. Do not suppress stderr with '2>/dev/null' so that actual syntax or system errors remain visible for debugging.

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 393 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Mon Mar 9 04:22:14 UTC 2026: Code review monitoring started
Mon Mar 9 04:22:14 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 393

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 393
• VULNERABILITIES: 0

Generated on: Mon Mar 9 04:22:17 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud