From 54a3e8953f1e67aeabc91f1db7912f9616c977b5 Mon Sep 17 00:00:00 2001 From: Juan Pa Date: Mon, 13 Apr 2026 23:33:56 -0700 Subject: [PATCH 1/5] Clarify CodeRabbit auth recovery flow --- plugins/coderabbit/skills/coderabbit-review/SKILL.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plugins/coderabbit/skills/coderabbit-review/SKILL.md b/plugins/coderabbit/skills/coderabbit-review/SKILL.md index 305009d2..2852945f 100644 --- a/plugins/coderabbit/skills/coderabbit-review/SKILL.md +++ b/plugins/coderabbit/skills/coderabbit-review/SKILL.md @@ -24,12 +24,14 @@ coderabbit --version coderabbit auth status --agent ``` -If auth is missing, run: +If auth is missing or the CLI reports the user is not authenticated, do not stop at the error. Run the login flow yourself: ```bash coderabbit auth login --agent ``` +Then re-run `coderabbit auth status --agent` and only continue to review commands after authentication succeeds. + ## Review Commands Default review: From 20b47bb5a1b047da17a1b43fe9d7330e2fe63862 Mon Sep 17 00:00:00 2001 From: Juan Pa Date: Mon, 13 Apr 2026 23:37:00 -0700 Subject: [PATCH 2/5] Set CodeRabbit auth to on use --- .agents/plugins/marketplace.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.agents/plugins/marketplace.json b/.agents/plugins/marketplace.json index ea360950..fac80e9d 100644 --- a/.agents/plugins/marketplace.json +++ b/.agents/plugins/marketplace.json @@ -338,7 +338,7 @@ }, "policy": { "installation": "AVAILABLE", - "authentication": "ON_INSTALL" + "authentication": "ON_USE" }, "category": "Coding" } From 97aed309e33980a810b8bcd969adc26e5a4d35ea Mon Sep 17 00:00:00 2001 From: Juan Pa Date: Thu, 16 Apr 2026 18:25:33 -0400 Subject: [PATCH 3/5] Tighten review failure handling and rename findings to issues - Require explicit failure reporting on any CLI error (auth, missing CLI, network, timeout) instead of falling back to a manual review - Use "issues" in the user-facing summary for clearer phrasing - Trim defaultPrompt to the single primary prompt and bump to 1.1.1 Co-Authored-By: Claude Opus 4.7 (1M context) --- plugins/coderabbit/.codex-plugin/plugin.json | 6 ++---- plugins/coderabbit/skills/coderabbit-review/SKILL.md | 8 ++++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/plugins/coderabbit/.codex-plugin/plugin.json b/plugins/coderabbit/.codex-plugin/plugin.json index 46e42fe8..7eecf7ef 100644 --- a/plugins/coderabbit/.codex-plugin/plugin.json +++ b/plugins/coderabbit/.codex-plugin/plugin.json @@ -1,6 +1,6 @@ { "name": "coderabbit", - "version": "1.1.0", + "version": "1.1.1", "description": "AI-powered code review in Codex, powered by CodeRabbit.", "author": { "name": "CodeRabbit AI", @@ -34,9 +34,7 @@ "composerIcon": "./assets/coderabbit-small.png", "logo": "./assets/coderabbit.png", "defaultPrompt": [ - "Review my current changes and provide feedback", - "Find the highest-risk issues in this branch", - "Turn CodeRabbit findings into fixes" + "Review my current changes and provide feedback" ], "screenshots": [] } diff --git a/plugins/coderabbit/skills/coderabbit-review/SKILL.md b/plugins/coderabbit/skills/coderabbit-review/SKILL.md index 2852945f..5fe99ddc 100644 --- a/plugins/coderabbit/skills/coderabbit-review/SKILL.md +++ b/plugins/coderabbit/skills/coderabbit-review/SKILL.md @@ -56,7 +56,7 @@ If `AGENTS.md`, `.coderabbit.yaml`, or `CLAUDE.md` exist in the repo root, pass - Parse each NDJSON line independently. - Collect `finding` events and group them by severity. - Ignore `status` events in the user-facing summary. -- If an `error` event is returned, report the failure instead of inventing a manual review. +- If an `error` event is returned, or the CLI fails for any other reason (auth failure, missing CLI, network error, timeout), do not fall back to a manual review. Report the exact failure and tell the user how to resolve it (e.g. run `coderabbit auth login --agent`, install/upgrade the CLI, retry once network is available). - Treat a running CodeRabbit review as healthy for up to 10 minutes even if output is quiet. - Do not emit intermediary waiting or polling messages during that 10-minute window. - Only report timeout or failure after the full 10-minute wait budget is exhausted. @@ -64,11 +64,11 @@ If `AGENTS.md`, `.coderabbit.yaml`, or `CLAUDE.md` exist in the repo root, pass ## Result Format - Start with a brief summary of the changes in the diff. -- On a new line, state how many findings CodeRabbit found. -- Present findings ordered by severity: critical, major, minor. +- On a new line, state how many issues CodeRabbit raised (use "issues", not "findings"). +- Present issues ordered by severity: critical, major, minor. - Format the severity/category label with a space between the emoji and the text, for example `❗ Critical`, `⚠️ Major`, and `ℹ️ Minor`. - Include file path, impact, and the concrete fix direction. -- If there are no findings, say `CodeRabbit found 0 findings.` and do not invent issues. +- If there are none, say `CodeRabbit raised 0 issues.` and do not invent any. ## Guardrails From e405d8d9b11af49b32bf0d8306742bcaef1da842 Mon Sep 17 00:00:00 2001 From: Juan Pa Date: Sat, 18 Apr 2026 10:52:02 -0400 Subject: [PATCH 4/5] Apply CodeRabbit review feedback on SKILL.md and plugin.json MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tighten wording across the review skill and plugin metadata: finish the findings→issues rename, clarify silence/prerequisite rules, sharpen imperative verbs, and fix a stray leading space in shortDescription. Thanks to CodeRabbit for the thorough review. --- plugins/coderabbit/.codex-plugin/plugin.json | 4 ++-- .../skills/coderabbit-review/SKILL.md | 24 +++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/plugins/coderabbit/.codex-plugin/plugin.json b/plugins/coderabbit/.codex-plugin/plugin.json index 7eecf7ef..90b90c56 100644 --- a/plugins/coderabbit/.codex-plugin/plugin.json +++ b/plugins/coderabbit/.codex-plugin/plugin.json @@ -19,8 +19,8 @@ "skills": "./skills/", "interface": { "displayName": "CodeRabbit", - "shortDescription": " Run AI-powered code review for your current changes", - "longDescription": "Run CodeRabbit review workflows in Codex to inspect diffs, surface actionable findings, and turn review output into follow-up fixes.", + "shortDescription": "Run AI-powered code review for your current changes", + "longDescription": "Run CodeRabbit review workflows in Codex to inspect diffs, surface actionable issues, and turn review output into follow-up fixes.", "developerName": "CodeRabbit", "category": "Coding", "capabilities": [ diff --git a/plugins/coderabbit/skills/coderabbit-review/SKILL.md b/plugins/coderabbit/skills/coderabbit-review/SKILL.md index 5fe99ddc..086f8490 100644 --- a/plugins/coderabbit/skills/coderabbit-review/SKILL.md +++ b/plugins/coderabbit/skills/coderabbit-review/SKILL.md @@ -1,30 +1,30 @@ --- name: code-review -description: Reviews code changes using CodeRabbit AI. Use when user asks for code review, PR feedback, code quality checks, security issues, or wants autonomous fix-review cycles. +description: Reviews code changes using CodeRabbit AI. Use when user asks for code review, PR feedback, code quality checks, security issues, or requests fix-review cycles. --- # CodeRabbit Review -Use this skill to run CodeRabbit from the terminal, summarize the findings, and help implement follow-up fixes. +Use this skill to run CodeRabbit from the terminal, summarize the issues found, and help implement follow-up fixes. -Stay silent while an active review is running. Do not send progress commentary about waiting, polling, remote processing, or scope selection once `coderabbit review` has started. Only message the user if authentication or other prerequisite action is required, when the review completes with results, or when the review has failed or timed out after the full wait window. +Stay silent while an active review is running. Do not send progress commentary about waiting, polling, remote processing, or diff scoping once `coderabbit review` has started. Only message the user if an authentication step or other prerequisite is needed, when the review completes with results, or when the review has failed or timed out after the full wait window. ## Prerequisites -1. Confirm the repo is a git worktree. +1. Confirm the working directory is inside a git repository. 2. Check the CLI: ```bash coderabbit --version ``` -3. Check auth in agent mode: +3. Verify authentication in agent mode: ```bash coderabbit auth status --agent ``` -If auth is missing or the CLI reports the user is not authenticated, do not stop at the error. Run the login flow yourself: +If auth is missing or the CLI reports the user is not authenticated, do not stop at the error. Initiate the login flow: ```bash coderabbit auth login --agent @@ -49,7 +49,7 @@ coderabbit review --agent --base main coderabbit review --agent --base-commit ``` -If `AGENTS.md`, `.coderabbit.yaml`, or `CLAUDE.md` exist in the repo root, pass the files that exist with `-c` to improve review quality. +If any of `AGENTS.md`, `.coderabbit.yaml`, or `CLAUDE.md` exist in the repo root, pass them with `-c` to improve review quality. ## Output Handling @@ -57,17 +57,17 @@ If `AGENTS.md`, `.coderabbit.yaml`, or `CLAUDE.md` exist in the repo root, pass - Collect `finding` events and group them by severity. - Ignore `status` events in the user-facing summary. - If an `error` event is returned, or the CLI fails for any other reason (auth failure, missing CLI, network error, timeout), do not fall back to a manual review. Report the exact failure and tell the user how to resolve it (e.g. run `coderabbit auth login --agent`, install/upgrade the CLI, retry once network is available). -- Treat a running CodeRabbit review as healthy for up to 10 minutes even if output is quiet. -- Do not emit intermediary waiting or polling messages during that 10-minute window. -- Only report timeout or failure after the full 10-minute wait budget is exhausted. +- Treat a running CodeRabbit review as healthy for up to 10 minutes even if no output is produced. +- Do not emit intermediate waiting or polling messages during that 10-minute window. +- Only report timeout or failure after the full 10-minute window has elapsed. ## Result Format - Start with a brief summary of the changes in the diff. - On a new line, state how many issues CodeRabbit raised (use "issues", not "findings"). - Present issues ordered by severity: critical, major, minor. -- Format the severity/category label with a space between the emoji and the text, for example `❗ Critical`, `⚠️ Major`, and `ℹ️ Minor`. -- Include file path, impact, and the concrete fix direction. +- Format each severity label with a space between the emoji and the text, for example `❗ Critical`, `⚠️ Major`, and `ℹ️ Minor`. +- Include the file path, impact, and a concrete suggested fix. - If there are none, say `CodeRabbit raised 0 issues.` and do not invent any. ## Guardrails From 5766c8698daa2a15520809b3dccfdb62168b6d99 Mon Sep 17 00:00:00 2001 From: Juan Pa Date: Sat, 18 Apr 2026 11:45:51 -0400 Subject: [PATCH 5/5] Install CodeRabbit CLI when missing before auth --- plugins/coderabbit/skills/coderabbit-review/SKILL.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/plugins/coderabbit/skills/coderabbit-review/SKILL.md b/plugins/coderabbit/skills/coderabbit-review/SKILL.md index 0823b24d..eac606bc 100644 --- a/plugins/coderabbit/skills/coderabbit-review/SKILL.md +++ b/plugins/coderabbit/skills/coderabbit-review/SKILL.md @@ -18,13 +18,21 @@ Stay silent while an active review is running. Do not send progress commentary a coderabbit --version ``` +If the command is not found or reports that CodeRabbit is not installed, do not stop at the error. Install it: + +```bash +curl -fsSL https://cli.coderabbit.ai/install.sh | sh +``` + +Then re-run `coderabbit --version` to confirm the install succeeded before continuing. After a fresh install, proceed to the authentication step — the user will need to log in. + 3. Verify authentication in agent mode: ```bash coderabbit auth status --agent ``` -If auth is missing or the CLI reports the user is not authenticated, do not stop at the error. Initiate the login flow: +If auth is missing or the CLI reports the user is not authenticated (including right after a fresh install), do not stop at the error. Initiate the login flow: ```bash coderabbit auth login --agent