Enable Factory Droid automated code review#164
Conversation
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Review rate limit: 0/1 reviews remaining, refill in 37 minutes and 2 seconds.Comment |
|
Droid encountered an error —— View job Droid is reviewing code and running a security check… |
|
Droid encountered an error —— View job |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
|
Superseded by #172, which replaces this PR with the BYOK-safe Factory Droid template: MiniMax M2.7 via Droid BYOK, SHA-pinned safe action, same-repo guard, trusted-actor manual @droid, scheduled security scan, and repair-queue review guidance. Background: the Droid jobs on this PR failed on 2026-05-04 with Leaving open for now; will close on merge of #172. |
Replaces the prior Factory Droid setup (#164) that was failing on every run because FACTORY_API_KEY was missing and the workflows used Factory-AI/droid-action@main with no same-repo guard, no trusted-actor guard, and no debug-artifact controls. The new rollout follows the BYOK-safe template documented in the Factory Droid rollout spec: Workflows - .github/workflows/droid-review.yml — automatic same-repo PR review on opened/synchronize/ready_for_review/reopened. Same-repo guard. Draft PRs reviewable. [skip-review] title opt-out. cancel-in-progress: false. - .github/workflows/droid.yml — manual @droid for OWNER/MEMBER/ COLLABORATOR. Same-repo guard on the pull_request branch. - .github/workflows/droid-security-scan.yml — scheduled (Mon 08:00 UTC) and workflow_dispatch. 7-day window, medium threshold, critical blocking, high non-blocking. All three workflows - MiniMax M2.7 via Factory Droid BYOK. Runtime settings written to $HOME/.factory/settings.local.json via single-quoted heredoc so ${MINIMAX_API_KEY} stays literal in the file. - review_model and security_model: custom:MiniMax-M2.7-0. - review_depth: shallow on review/tag paths. - show_full_output: false. - upload_debug_artifacts: false. - actions/checkout@93cb6ef # v5. - EffortlessMetrics/droid-action-safe@7c1377c. - No pull_request_target. No raw debug artifacts. No ANTHROPIC_AUTH_TOKEN / ANTHROPIC_BASE_URL. Review guidance - .factory/skills/review-guidelines/SKILL.md — Shipper product contract, required context, [P0|P1|P2] finding format, no-naked-LGTM record, evidence provenance (Observed / Reported / Not verified), notification hygiene. - .factory/rules/droid-review.md — compact rules, Shipper priority surfaces (registry correctness, reconciliation, resume/idempotency, events/state/receipt coherence, token redaction, release workflow). - docs/agent-context/review-invariants.md — durable product, CI, and Droid-workflow invariants. - docs/agent-context/droid-smoke-tests.md — post-merge verification procedure. - AGENTS.md — adds an "Automated review" section linking the four files. Prerequisites - FACTORY_API_KEY and MINIMAX_API_KEY must be available to this repo (org-scoped or repo-scoped) before merge. - Factory Droid GitHub App is already installed (OIDC handshake succeeded on the prior #164 run; only the API key was missing). Static validation - YAML parse passed for all three workflows. - No Factory-AI/droid-action reference. - No pull_request_target. - Safe Droid action SHA + checkout SHA pinned in all three workflows. - upload_debug_artifacts: false and show_full_output: false in all three workflows. - Same-repo guard present on auto-review and on the pull_request branch of the manual workflow. - Trusted-actor (OWNER/MEMBER/COLLABORATOR) guard on every event branch of the manual workflow. - cancel-in-progress: false on review and security-scan. - Quoted heredoc with literal ${MINIMAX_API_KEY} in all three workflows.
This PR adds Factory Droid automated code review workflows.
Generate a key at https://app.factory.ai/settings/api-keys
Docs: https://docs.factory.ai