/coderabbit
Review changes and handle CodeRabbit/Greptile/Bugbot/GitHub feedback. Triggers: review, comments, security.
$ golems-cli skills install coderabbitUpdated 1 week ago
Fast AI code reviews via CodeRabbit CLI. Free for open source.
Repositories
Works in any git repo. Free tier covers open source repos. For private repos, ensure CodeRabbit is configured in the repo settings.
Quick Commands
coderabbit review --agent # Codex/AI-agent local review output
cr review --plain # Human-readable review
cr review --prompt-only # Minimal-token prompt output for specific workflows
cr review --type uncommitted # Only unstaged changes
cr review --base main # Compare against main branchLocal Review Gate (Codex)
In Codex environments, use coderabbit review --agent (not --plain) for the local review gate.
Bound the local CLI wait: hard timeout at about 3 minutes. If the CLI hangs while writing comments, hits a rate limit, or reports review-limit exhaustion mid-loop, kill/stop it, record the limitation, and proceed through commit/push on fresh local test evidence. Do not block the PR loop indefinitely on a local CLI hang. After the PR exists, request @coderabbitai review and read the resulting bot status/comments before merge.
Full SKILL.md source — includes LLM directives, anti-patterns, and technical instructions stripped from the Overview tab.
Fast AI code reviews via CodeRabbit CLI. Free for open source.
Repositories
Works in any git repo. Free tier covers open source repos. For private repos, ensure CodeRabbit is configured in the repo settings.
Quick Commands
coderabbit review --agent # Codex/AI-agent local review output
cr review --plain # Human-readable review
cr review --prompt-only # Minimal-token prompt output for specific workflows
cr review --type uncommitted # Only unstaged changes
cr review --base main # Compare against main branchLocal Review Gate (Codex)
In Codex environments, use coderabbit review --agent (not --plain) for the local review gate.
Bound the local CLI wait: hard timeout at about 3 minutes. If the CLI hangs while writing comments, hits a rate limit, or reports review-limit exhaustion mid-loop, kill/stop it, record the limitation, and proceed through commit/push on fresh local test evidence. Do not block the PR loop indefinitely on a local CLI hang. After the PR exists, request @coderabbitai review and read the resulting bot status/comments before merge.
Workflows
| Workflow | Use Case |
|---|---|
| review | Standard code review |
| verify | Quick verification for Ralph V-* stories |
| security | Security-focused review |
| accessibility | A11y audit for UI changes |
| secrets | Scan for hardcoded secrets/keys |
| pr-ready | Pre-PR comprehensive check |
| red-team | Adversarial security/reliability review profile |
| blue-team | Architecture/quality/maintainability review profile |
Output Modes
| Flag | Best For | Token Usage |
|---|---|---|
--agent | Codex/AI agents running a local gate | Medium |
--plain | Humans reading in terminal | High |
--prompt-only | AI agents (Ralph, Claude) | Low |
| (default) | Interactive TUI | N/A |
Integration with Ralph
For V-* verification stories, CodeRabbit runs FIRST as a fast pre-check:
cr review --prompt-only --type committed- Quick scan- If issues found → Fix before Claude verification
- If clean → Proceed to full Claude verification
This reduces Claude API costs and catches obvious issues fast.
Receiving Review Feedback
Technical evaluation, not emotional performance. Verify before implementing. Push back when a suggestion is wrong for this codebase.
Response pattern:
- Read the complete feedback before reacting.
- Understand the requested change; restate it or ask if unclear.
- Verify the finding against codebase reality.
- Evaluate whether it is technically sound for this stack and user decision.
- Respond with a technical acknowledgment or reasoned pushback.
- Implement one item at a time and test each fix.
Forbidden responses:
- "You're absolutely right!"
- "Great point!"
- "Thanks for catching that!"
Instead, state the technical requirement, ask a clarifying question, or fix it silently.
| Comment type | Action |
|---|---|
| Real bug / Security | Fix immediately |
| Important improvement | Fix before proceeding |
| Style preference | Fix if genuinely better; skip if bikeshed |
| Over-engineering | Skip with reasoning |
| False positive | Skip with reasoning |
Implementation order for multi-item feedback:
- Clarify anything unclear first.
- Fix blocking breakage or security issues.
- Apply simple fixes.
- Apply complex refactors or logic changes.
- Test each fix individually and verify no regressions.
Max 3 review-fix rounds for nitpicks. Push back when the suggestion breaks existing behavior, lacks context, violates YAGNI, conflicts with user-stated architecture, or is technically incorrect. If you were wrong, say "Checked X and you're correct. Fixing." Then fix it.
Evaluator Agent (Weighted Quality Gate)
For high-stakes changes, pair CodeRabbit with the evaluator agent (claude --agent evaluator) for deeper qualitative scoring:
- CodeRabbit catches structural issues (bugs, security, style)
- Evaluator scores on 4 weighted criteria: Functionality (20%), Craft (20%), Design (30%), Originality (30%)
- Score >= 7.0 required to proceed to merge
The evaluator is deliberately adversarial -- it compensates for LLM optimism bias in code review. See ~/Gits/orchestrator/standards/evaluator-grading.md for the full grading rubric.
When to add the evaluator gate:
- Architecture changes or new module introductions
- Agent-generated code (autonomous work products)
- Changes touching >5 files or crossing module boundaries
Configuration
Optional .coderabbit.yaml in repo root for custom rules:
reviews:
language: en
path_filters:
- "!**/*.test.ts"
- "!**/node_modules/**"Disposition gate — no silent skip, every CRITICAL dispositioned (gen-18 Track 6 D5)
Two false-green failure modes the review flow must never hit:
- Silent-skip — when the CodeRabbit CLI is rate-limited / times out / is unavailable,
do NOT move on as if "no findings". Record
Status: SKIPPED — <reason>and fall back to the red-team / blue-team prompt review (references/red-team-prompt.md,references/blue-team-prompt.md). A skip without a reason is a violation. - Undisposed CRITICAL — every CRITICAL finding must carry an explicit
FIXED/WAIVED/ACCEPTEDdisposition before push. A CRITICAL with no disposition silently ships.
Gate it mechanically with a review-disposition log:
python3 checks/disposition_lint_cli.py review-disposition-log.md # exit 1 on any gap
python3 -m pytest checks/tests/ # RED→GREEN gate (8 cases)A disposition log is a Status: line plus one line per finding
(- CRITICAL: <desc> — FIXED (rationale)). The RED fixture (a bare SKIPPED + an
undisposed CRITICAL) trips both rules; the GREEN fixture is clean. See
checks/disposition_lint.py.
Requirements
- CodeRabbit CLI installed:
curl -fsSL https://cli.coderabbit.ai/install.sh | sh - Authenticated:
cr auth login - Must run from git repository root
Best Pass Rate
100%
Opus 4.6
Assertions
8
5 models tested
Avg Cost / Run
$0.1363
across models
Fastest (p50)
2.3s
Haiku 4.5
Behavior Evals
Phase 2 baseline — skill quality on ClaudeBehavior Baseline
Adapter Evals
Phase 2C — cross-AI portabilityAdapter Portability
| Assertion | Opus 4.6 | Sonnet 4.6 | Haiku 4.5 | Codex | Gemini 2.5 | Consensus |
|---|---|---|---|---|---|---|
| runs-cr-review-command | 5/5 | |||||
| surfaces-findings-with-severity | 4/5 | |||||
| does-not-auto-approve | 3/5 | |||||
| does-not-skip-review | 4/5 | |||||
| explains-why-review-matters | 4/5 | |||||
| runs-review-despite-pushback | 4/5 | |||||
| uses-secrets-scan-mode | 4/5 | |||||
| recommends-rotation-if-found | 5/5 |
Token Usage
Cost per Run
| Model | Input Tokens | Output Tokens | Cost / Run | Cost / 1K Runs |
|---|---|---|---|---|
| Opus 4.6 | 6,832 | 5,593 | $0.5220 | $522.00 |
| Sonnet 4.6 | 3,074 | 2,195 | $0.0421 | $42.10 |
| Haiku 4.5 | 2,258 | 1,978 | $0.0030 | $3.00 |
| Codex | 2,758 | 3,130 | $0.0764 | $76.40 |
| Gemini 2.5 | 3,604 | 2,876 | $0.0378 | $37.80 |
Response Time (p50)
Response Time (p95)
| Model | p50 | p95 | Overhead |
|---|---|---|---|
| Opus 4.6 | 10.2s | 14.3s | +41% |
| Sonnet 4.6 | 3.2s | 5.4s | +70% |
| Haiku 4.5 | 2.3s | 4.3s | +87% |
| Codex | 2.5s | 3.9s | +57% |
| Gemini 2.5 | 4.6s | 8.5s | +84% |
Last evaluated: 2026-03-12 · Data is generated from skill assertions (real cross-model benchmarks coming soon)
Changelog entries are derived from eval runs and skill version updates. Full cascading changelog (Phase 4D) coming soon.
Best Pass Rate
100%
Assertions
8
Models Tested
5
Evals Run
3
- +Initial release to Golems skill library
- +8 assertions across 3 eval scenarios
- +8 workflows included: accessibility, blue-team, pr-ready, red-team, review, secrets, security, verify