feat: auto-create tasks from CodeRabbit findings with false positive filtering (t166.3) #778
Conversation
…filtering (t166.3) Add coderabbit-task-creator-helper.sh that reads findings from both the collector SQLite DB (PR reviews) and review-pulse JSON (CLI reviews), filters false positives, reclassifies severity using CodeRabbit's emoji markers, deduplicates, and generates TODO-compatible task lines with #auto-dispatch tags for supervisor pickup. Key capabilities: - False positive detection: walkthrough summaries, bot meta-comments, empty bodies (start-of-body vs anywhere-in-body distinction) - Severity reclassification: upgrades based on content patterns (rm -rf, path traversal, injection) and CodeRabbit emoji markers - Deduplication: same path + description matching - Manual verification: mark findings as valid or false positive - Supervisor integration: --dispatch flag triggers auto-pickup - Dual source: collector DB (PR reviews) + pulse JSON (CLI reviews) Tested against real data: 7 comments -> 2 FP filtered, 4 severity reclassified, 5 valid findings with accurate task descriptions. Also updates: - review-pulse-helper.sh: delegates tasks command to new script - coderabbit-collector-helper.sh: adds tasks command - coderabbit.md: documents auto-task creation workflow
…workflow (t166.3)" This reverts commit 858c8cd.
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello @marcusquinn, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly upgrades the automated handling of CodeRabbit review findings by introducing a dedicated task creation helper. It focuses on refining the quality of generated tasks by implementing sophisticated false positive filtering, intelligent severity reclassification, and deduplication. This ensures that development teams receive a cleaner, more accurate, and actionable list of tasks derived from code reviews, ultimately improving efficiency in addressing identified issues. Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
🔍 Code Quality Report�[0;35m[MONITOR]�[0m Code Review Monitoring Report �[0;34m[INFO]�[0m Latest Quality Status: �[0;34m[INFO]�[0m Recent monitoring activity: 📈 Current Quality Metrics
Generated on: Mon Feb 9 16:01:21 UTC 2026 Generated by AI DevOps Framework Code Review Monitoring |
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a significant new feature with the coderabbit-task-creator-helper.sh script, which automates the creation of TODO tasks from CodeRabbit findings. This is a great enhancement for streamlining the workflow of addressing code quality issues. The implementation is comprehensive, covering false positive filtering, severity reclassification, and deduplication. The delegation from existing scripts like review-pulse-helper.sh is well-handled with a fallback mechanism.
My review focuses on ensuring the new script adheres to the repository's shell scripting style guide. I've identified a few areas for improvement and left specific comments with suggestions. The main points are:
- Temporary File Cleanup: Using
trapfor cleaning up temporary files to ensure cleanup happens even on script errors. - Function Duplication: Leveraging shared functions from
shared-constants.shinstead of duplicating logging logic. - Error Output Redirection: Avoiding blanket suppression of
stderrto aid in debugging.
These changes will improve the script's robustness and maintainability. Overall, this is a solid contribution.
|
|
||
| # Write comments to temp file for process substitution (avoids subshell) | ||
| local tmp_file | ||
| tmp_file=$(mktemp) |
There was a problem hiding this comment.
This script uses set -e, which will cause it to exit on an error. If an error occurs within the while loop on lines 382-464, the rm -f "$tmp_file" on line 466 will not be executed, leaving a temporary file in /tmp.
The repository style guide (line 33) requires using trap for temporary file cleanup to ensure it's robust. Please add a trap command after creating the temporary file. This issue also exists in scan_pulse_findings() (line 506) and cmd_create() (line 707).
| tmp_file=$(mktemp) | |
| tmp_file=$(mktemp); trap 'rm -f "$tmp_file"' RETURN EXIT |
References
- Temporary files created with
mktempmust have atrapfor cleanup to ensure they are removed even if the script exits unexpectedly. (link)
|
|
||
| # Write findings to temp file to avoid subshell variable loss | ||
| local tmp_file | ||
| tmp_file=$(mktemp) |
There was a problem hiding this comment.
This script uses set -e, which will cause it to exit on an error. If an error occurs within the while loop on lines 509-544, the rm -f "$tmp_file" on line 546 will not be executed, leaving a temporary file in /tmp.
The repository style guide (line 33) requires using trap for temporary file cleanup to ensure it's robust. Please add a trap command after creating the temporary file.
| tmp_file=$(mktemp) | |
| tmp_file=$(mktemp); trap 'rm -f "$tmp_file"' RETURN EXIT |
References
- Temporary files created with
mktempmust have atrapfor cleanup to ensure they are removed even if the script exits unexpectedly. (link)
|
|
||
| # Write findings to temp file to avoid subshell variable loss | ||
| local tmp_create | ||
| tmp_create=$(mktemp) |
There was a problem hiding this comment.
This script uses set -e, which will cause it to exit on an error. If an error occurs within the while loop on lines 710-763, the rm -f "$tmp_create" on line 765 will not be executed, leaving a temporary file in /tmp.
The repository style guide (line 33) requires using trap for temporary file cleanup to ensure it's robust. Please add a trap command after creating the temporary file.
| tmp_create=$(mktemp) | |
| tmp_create=$(mktemp); trap 'rm -f "$tmp_create"' RETURN EXIT |
References
- Temporary files created with
mktempmust have atrapfor cleanup to ensure they are removed even if the script exits unexpectedly. (link)
| log_info() { echo -e "${BLUE}[TASK-CREATOR]${NC} $*"; return 0; } | ||
| log_success() { echo -e "${GREEN}[TASK-CREATOR]${NC} $*"; return 0; } | ||
| log_warn() { echo -e "${YELLOW}[TASK-CREATOR]${NC} $*"; return 0; } | ||
| log_error() { echo -e "${RED}[TASK-CREATOR]${NC} $*" >&2; return 0; } |
There was a problem hiding this comment.
These logging functions are duplicates of the print_* functions available in shared-constants.sh, which is sourced on line 27. The repository style guide (line 19) advises against duplicating these functions to maintain consistency and reduce code duplication.
Consider refactoring these to wrap the shared print_* functions to include the [TASK-CREATOR] prefix.
| log_info() { echo -e "${BLUE}[TASK-CREATOR]${NC} $*"; return 0; } | |
| log_success() { echo -e "${GREEN}[TASK-CREATOR]${NC} $*"; return 0; } | |
| log_warn() { echo -e "${YELLOW}[TASK-CREATOR]${NC} $*"; return 0; } | |
| log_error() { echo -e "${RED}[TASK-CREATOR]${NC} $*" >&2; return 0; } | |
| log_info() { print_info "[TASK-CREATOR] $*"; return 0; } | |
| log_success() { print_success "[TASK-CREATOR] $*"; return 0; } | |
| log_warn() { print_warning "[TASK-CREATOR] $*"; return 0; } | |
| log_error() { print_error "[TASK-CREATOR] $*"; return 0; } |
References
- Scripts should source
shared-constants.shand use its common functions likeprint_*instead of duplicating them. (link)
| local repo_root | ||
| repo_root=$(git rev-parse --show-toplevel 2>/dev/null || echo ".") | ||
|
|
||
| if "$supervisor" auto-pickup --repo "$repo_root" 2>/dev/null; then |
There was a problem hiding this comment.
The use of 2\u003e/dev/null here suppresses stderr output from the supervisor script. The repository style guide (line 50) states that 2\u003e/dev/null is only acceptable when redirecting to log files, not for blanket suppression.
The output from the supervisor could be valuable for debugging if it fails. It's better to redirect stderr to the script's log file.
| if "$supervisor" auto-pickup --repo "$repo_root" 2>/dev/null; then | |
| if "$supervisor" auto-pickup --repo "$repo_root" \u003e\u003e "$LOG_FILE" 2\u003e\u00261; then |
References
- Redirecting stderr to
/dev/nullis only acceptable when redirecting to a log file, not for blanket suppression of errors. (link)
1 participant
Summary
coderabbit-task-creator-helper.shthat reads CodeRabbit findings from both the collector SQLite DB (PR reviews) and review-pulse JSON (CLI reviews), filters false positives, reclassifies severity, deduplicates, and generates TODO-compatible task lines with#auto-dispatchtagsreview-pulse-helper.shto delegate itstaskscommand to the new script, with fallback to basic generationtaskscommand tocoderabbit-collector-helper.shfor direct DB-to-task creationKey Capabilities
rm -rf, path traversal, injection) and CodeRabbit emoji markersverify <id> --valid|--false-positive--dispatchflag triggersauto-pickupTesting
Tested against real CodeRabbit data (7 comments from PRs #762, #763):
info->criticalforrm -rfon empty variable)Commands
Note
The GitHub Actions workflow update (
.github/workflows/review-pulse.yml) was reverted from this PR due to OAuth token scope limitations. It can be applied separately by a user withworkflowscope.Closes #727