Skip to content

chore: auto-approve issue-free PRs and add product labels in Qodo#12457

Merged
zkochan merged 1 commit into
mainfrom
code-review-impr
Jun 16, 2026
Merged

chore: auto-approve issue-free PRs and add product labels in Qodo#12457
zkochan merged 1 commit into
mainfrom
code-review-impr

Conversation

@zkochan

@zkochan zkochan commented Jun 16, 2026

Copy link
Copy Markdown
Member

What

Two changes to .pr_agent.toml (Qodo Merge config):

  1. Auto-approval when no issues are found. Under [pr_reviewer], enable enable_auto_approval + auto_approve_for_no_suggestions, so Qodo approves a PR when the review yields zero suggestions.

  2. Product labels. Three custom labels assigned by /agentic_describe based on which stack the diff touches:

    • product: pnpm — the TypeScript pnpm CLI (anything outside pacquet/ and pnpr/)
    • product: pacquet — the Rust port (pacquet/)
    • product: pnpr — the registry server (pnpr/ and pacquet/crates/pnpr-*)

    More than one can apply to a single PR (e.g. a pnpm↔pacquet parity change).

Notes

  • Qodo's auto-approval and custom-label settings only take effect from the config file on the default branch, so they activate once this merges.
  • The three labels must exist in the repo's GitHub label list (or Qodo needs label-create permission) to attach reliably.

Written by an agent (Claude Code, claude-opus-4-8).

Summary by CodeRabbit

  • Chores
    • Updated internal tooling configuration to enable custom PR labeling and auto-approval workflow for pull requests with no review suggestions.

Enable Qodo Merge auto-approval when the review finds no suggestions, and
add three custom labels (product: pnpm, product: pacquet, product: pnpr)
assigned by the describe tool based on which stack the diff touches.
@qodo-free-for-open-source-projects

qodo-free-for-open-source-projects Bot commented Jun 16, 2026

Copy link
Copy Markdown

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0)

Grey Divider


Action required

1. Bot auto-approves PRs 🐞 Bug ⛨ Security
Description
The config enables Qodo to submit an APPROVE review automatically when /agentic_review produces zero
suggestions, and /agentic_review is configured to run automatically on PR open and on pushes for all
authors except a small bot ignore list. This introduces a bot-generated approval that can be
mistaken for human review and (depending on branch protection settings) may count toward required
approvals, weakening the review gate for untrusted PRs.
Code

.pr_agent.toml[R57-63]

+[pr_reviewer]
+# Auto-approve a PR when the review finds no issues to fix.
+# enable_auto_approval is the required master switch (off by default);
+# auto_approve_for_no_suggestions approves when the review yields zero suggestions.
+# These only take effect from the config file on the default branch.
+enable_auto_approval = true
+auto_approve_for_no_suggestions = true
Evidence
The repository config shows /agentic_review is automatically executed on PR open and on pushes, and
the ignore list only excludes two bot accounts; with the newly enabled pr_reviewer auto-approval
flags, Qodo can emit an APPROVE review for most PRs whenever it finds zero suggestions.

.pr_agent.toml[1-14]
.pr_agent.toml[16-23]
.pr_agent.toml[57-63]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Enabling auto-approval creates a bot-generated GitHub “APPROVE” review when the reviewer has zero suggestions. Because `/agentic_review` runs automatically on PR open and push for almost all authors, this can unintentionally weaken the human-review gate if branch protection counts GitHub App approvals.

## Issue Context
This PR changes repo-wide PR automation behavior once merged into the default branch.

## Fix Focus Areas
- .pr_agent.toml[1-14]
- .pr_agent.toml[16-23]
- .pr_agent.toml[57-63]

## Suggested fix
Choose one of:
1) **Disable auto-approval** by setting `enable_auto_approval = false` (and/or removing `auto_approve_for_no_suggestions`).
2) **Keep auto-approval but harden the merge gate**: ensure branch protection requires approvals from humans/code owners and does **not** accept GitHub App/bot approvals toward the required count.
3) If supported by Qodo/PR-Agent in this repo, **restrict auto-approval scope** (e.g., only allowlisted authors/branches) so untrusted contributors can’t receive bot approvals.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


Grey Divider

Qodo Logo

@qodo-free-for-open-source-projects

Copy link
Copy Markdown

PR Summary by Qodo

Enable Qodo auto-approval for issue-free reviews and add product labels
⚙️ Configuration changes ✨ Enhancement 🕐 Less than 10 minutes

Grey Divider

Walkthroughs

Description
• Enable Qodo auto-approval when reviews return zero suggestions.
• Configure /agentic_describe to apply and publish product-scoped PR labels.
• Define three custom product labels to route changes by stack ownership.
Diagram
graph TD
  PR{{"GitHub PR"}} --> CFG[".pr_agent.toml"] --> QODO["Qodo Merge"] --> DESC["/agentic_describe"] --> LABELS["Product labels"]
  QODO --> REVIEW["PR reviewer"] --> PR
Loading
High-Level Assessment

The following are alternative approaches to this PR:

1. Gate auto-approval behind required status checks
  • ➕ Keeps auto-approval but ensures CI/security checks pass first
  • ➕ Reduces risk of merging low-signal or misconfigured reviews
  • ➖ Requires GitHub branch protection/status check configuration beyond Qodo
  • ➖ Slightly more admin/maintenance overhead
2. Restrict auto-approval to a subset of PRs (e.g., docs/chore)
  • ➕ Limits blast radius if the model misses issues in higher-risk code
  • ➕ Aligns automation with team policy for low-risk changes
  • ➖ Requires additional routing rules/filters (if supported)
  • ➖ May reduce the benefit of auto-approval on legitimate small fixes
3. Label-only rollout first, then enable auto-approval later
  • ➕ Validates label taxonomy and permissions without changing approval semantics
  • ➕ Easier to spot mislabeling before adding workflow automation
  • ➖ Delays the main workflow improvement (auto-approval)
  • ➖ Adds an extra rollout step

Recommendation: The PR’s approach is reasonable for teams that already trust Qodo’s review signal, but consider pairing auto-approval with branch protection (required status checks) to avoid merges when CI is red or incomplete. If governance is stricter, roll out labeling first and enable auto-approval after observing review quality for a period.

Grey Divider

File Changes

Other (1)
.pr_agent.toml Configure custom product labels and issue-free auto-approval +26/-0

Configure custom product labels and issue-free auto-approval

• Enables custom labels for /agentic_describe and publishes selected labels onto PRs. Adds three product-scoped label definitions (pnpm, pacquet, pnpr). Enables PR reviewer auto-approval when the review produces zero suggestions.

.pr_agent.toml


Grey Divider

Qodo Logo

@zkochan zkochan merged commit b1a28e0 into main Jun 16, 2026
11 of 12 checks passed
@zkochan zkochan deleted the code-review-impr branch June 16, 2026 21:26
Comment thread .pr_agent.toml
Comment on lines +57 to +63
[pr_reviewer]
# Auto-approve a PR when the review finds no issues to fix.
# enable_auto_approval is the required master switch (off by default);
# auto_approve_for_no_suggestions approves when the review yields zero suggestions.
# These only take effect from the config file on the default branch.
enable_auto_approval = true
auto_approve_for_no_suggestions = true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

1. Bot auto-approves prs 🐞 Bug ⛨ Security

The config enables Qodo to submit an APPROVE review automatically when /agentic_review produces zero
suggestions, and /agentic_review is configured to run automatically on PR open and on pushes for all
authors except a small bot ignore list. This introduces a bot-generated approval that can be
mistaken for human review and (depending on branch protection settings) may count toward required
approvals, weakening the review gate for untrusted PRs.
Agent Prompt
## Issue description
Enabling auto-approval creates a bot-generated GitHub “APPROVE” review when the reviewer has zero suggestions. Because `/agentic_review` runs automatically on PR open and push for almost all authors, this can unintentionally weaken the human-review gate if branch protection counts GitHub App approvals.

## Issue Context
This PR changes repo-wide PR automation behavior once merged into the default branch.

## Fix Focus Areas
- .pr_agent.toml[1-14]
- .pr_agent.toml[16-23]
- .pr_agent.toml[57-63]

## Suggested fix
Choose one of:
1) **Disable auto-approval** by setting `enable_auto_approval = false` (and/or removing `auto_approve_for_no_suggestions`).
2) **Keep auto-approval but harden the merge gate**: ensure branch protection requires approvals from humans/code owners and does **not** accept GitHub App/bot approvals toward the required count.
3) If supported by Qodo/PR-Agent in this repo, **restrict auto-approval scope** (e.g., only allowlisted authors/branches) so untrusted contributors can’t receive bot approvals.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 88a92ad2-cc5e-4660-9cd4-fed8d28c398f

📥 Commits

Reviewing files that changed from the base of the PR and between 8081aac and d85247f.

📒 Files selected for processing (1)
  • .pr_agent.toml

📝 Walkthrough

Walkthrough

.pr_agent.toml gains 26 lines: custom label selection and auto-publishing are enabled for /agentic_describe, three product-scoped labels (pnpm, pacquet, pnpr) are defined, and a new [pr_reviewer] section enables auto-approval when a review produces no suggestions.

Changes

PR Agent Configuration

Layer / File(s) Summary
Custom labels and auto-approval settings
.pr_agent.toml
Enables custom label selection and automatic label publishing during /agentic_describe, adds three product label definitions (product: pnpm, product: pacquet, product: pnpr), and introduces a [pr_reviewer] section that turns on auto-approval when the review finds no suggestions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • pnpm/pnpm#12264: Modifies the same .pr_agent.toml to configure Qodo agent behavior around /agentic_describe and reviewing, making it a direct predecessor to this configuration extension.

Poem

🐇 Hop, hop, labels in a row,
pnpm, pacquet, pnpr all aglow!
No suggestions? Auto-approve with glee,
The rabbit stamps PRs swiftly and free.
Configuration blooms like clover in spring~ 🌿

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch code-review-impr

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant