ambient-code · jeremyeder · Apr 21, 2026 · Apr 15, 2026 · Apr 15, 2026 · Apr 15, 2026
diff --git a/.claude/settings.json b/.claude/settings.json
@@ -29,6 +29,15 @@
             "command": "bash scripts/claude-hooks/auto-format.sh"
           }
         ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "cd \"$(git rev-parse --show-toplevel)\" && bash scripts/hooks/coderabbit-review-gate.sh"
+          }
+        ]
       }
     ],
     "Stop": [

diff --git a/.github/workflows/coderabbit-smoke-test.yml b/.github/workflows/coderabbit-smoke-test.yml
@@ -0,0 +1,129 @@
+name: CodeRabbit Integration Smoke Test
+
+# Validates the CodeRabbit integration works end-to-end:
+# - CLI installs and authenticates
+# - Can review files against the real CodeRabbit API
+# - Config file (.coderabbit.yaml) is valid
+
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - '.coderabbit.yaml'
+      - 'components/backend/handlers/coderabbit_auth.go'
+      - 'components/backend/handlers/integration_validation.go'
+      - 'components/frontend/src/components/coderabbit-connection-card.tsx'
+      - 'components/runners/ambient-runner/ambient_runner/platform/auth.py'
+      - 'scripts/hooks/coderabbit-review-gate.sh'
+      - '.github/workflows/coderabbit-smoke-test.yml'
+
+  workflow_dispatch:
+
+  schedule:
+    - cron: '0 6 * * 1' # Weekly Monday 6am UTC
+
+permissions:
+  contents: read
+
+concurrency:
+  group: coderabbit-smoke-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  smoke-test:
+    name: CodeRabbit Smoke Test
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+
+      - name: Set up Node.js
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        with:
+          node-version: '20'
+
+      - name: Install CodeRabbit CLI
+        run: npm install -g coderabbit
+
+      - name: Verify CLI installed
+        run: |
+          coderabbit --version
+          echo "CLI binary: $(which coderabbit)"
+
+      - name: Validate .coderabbit.yaml schema
+        run: |
+          echo "=== Validating .coderabbit.yaml ==="
+          python3 -c "
+          import yaml, sys
+          with open('.coderabbit.yaml') as f:
+              config = yaml.safe_load(f)
+          assert 'reviews' in config, 'Missing reviews section'
+          assert 'language' in config, 'Missing language field'
+          print(f'Config valid: {len(config)} top-level keys')
+          print(f'Reviews profile: {config[\"reviews\"].get(\"profile\", \"not set\")}')
+          print(f'Auto review: {config[\"reviews\"].get(\"auto_review\", {}).get(\"enabled\", False)}')
+          print(f'Tools configured: {len(config[\"reviews\"].get(\"tools\", {}))}')
+          "
+          echo "PASSED: .coderabbit.yaml is valid"
+
+      - name: Run CodeRabbit review on config file
+        env:
+          CODERABBIT_API_KEY: ${{ secrets.CODERABBIT_API_KEY }}
+        run: |
+          echo "=== Running CodeRabbit review against real API ==="
+
+          # Skip if no API key (fork PRs, missing secret)
+          if [ -z "$CODERABBIT_API_KEY" ]; then
+            echo "CODERABBIT_API_KEY not set - skipping live review"
+            echo "This is expected for fork PRs or when the secret is not configured"
+            exit 0
+          fi
+
+          # Review the config file itself using agent mode for structured output
+          EXIT_CODE=0
+          OUTPUT=$(coderabbit review \
+            --agent \
+            --files .coderabbit.yaml \
+            2>&1) || EXIT_CODE=$?
+
+          echo "$OUTPUT"
+
+          # Auth errors are fatal
+          if echo "$OUTPUT" | grep -qiE "unauthorized|forbidden|invalid.*key"; then
+            echo "FAILED: CodeRabbit API key appears invalid"
+            exit 1
+          fi
+
+          # Non-zero exit from CLI is a real failure
+          if [ "$EXIT_CODE" -ne 0 ]; then
+            echo "FAILED: coderabbit review exited $EXIT_CODE"
+            exit 1
+          fi
+
+          echo "PASSED: CodeRabbit API responded successfully"
+
+      - name: Verify review gate runs in standalone mode
+        env:
+          CODERABBIT_API_KEY: ${{ secrets.CODERABBIT_API_KEY }}
+        run: |
+          echo "=== Testing review gate (standalone / CI mode) ==="
+          chmod +x scripts/hooks/coderabbit-review-gate.sh
+
+          # Run without CLAUDE_TOOL_INPUT — triggers standalone mode
+          # which runs coderabbit review --agent --base main directly.
+          EXIT_CODE=0
+          OUTPUT=$(bash scripts/hooks/coderabbit-review-gate.sh 2>&1) || EXIT_CODE=$?
+
+          echo "$OUTPUT"
+
+          # Exit 0 = review passed, exit 2 = findings or CLI missing
+          if [ "$EXIT_CODE" -eq 0 ]; then
+            echo "PASSED: Review gate completed successfully"
+          elif [ "$EXIT_CODE" -eq 2 ]; then
+            echo "PASSED: Review gate blocked (expected in CI — findings or rate limit)"
+          else
+            echo "FAILED: Unexpected exit code $EXIT_CODE"
+            exit 1
+          fi
diff --git a/BOOKMARKS.md b/BOOKMARKS.md
@@ -74,6 +74,7 @@ Convention documentation for each component. Loaded by review agents on demand.
 | [API Server Guide](components/ambient-api-server/CLAUDE.md) | rh-trex-ai REST API, plugin system, code generation |
 | [SDK Guide](components/ambient-sdk/CLAUDE.md) | Go + Python client libraries for the public API |
 | [CLI README](components/ambient-cli/README.md) | acpctl CLI for managing agentic sessions |
+| [CodeRabbit Integration](docs/src/content/docs/features/coderabbit.md) | Setup, review gate, session credentials, `.coderabbit.yaml` config |
 
 ## Development Environment
 

diff --git a/components/ambient-api-server/pkg/api/openapi/README.md b/components/ambient-api-server/pkg/api/openapi/README.md
@@ -209,4 +209,3 @@ Each of these functions takes a value of the given basic type and returns a poin
 ## Author
 
 ambient-code@redhat.com
-
diff --git a/components/ambient-api-server/pkg/api/openapi/docs/Agent.md b/components/ambient-api-server/pkg/api/openapi/docs/Agent.md
@@ -4,17 +4,17 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Id** | Pointer to **string** |  | [optional] 
-**Kind** | Pointer to **string** |  | [optional] 
-**Href** | Pointer to **string** |  | [optional] 
-**CreatedAt** | Pointer to **time.Time** |  | [optional] 
-**UpdatedAt** | Pointer to **time.Time** |  | [optional] 
-**ProjectId** | **string** | The project this agent belongs to | 
-**Name** | **string** | Human-readable identifier; unique within the project | 
-**Prompt** | Pointer to **string** | Defines who this agent is. Mutable via PATCH. Access controlled by RBAC. | [optional] 
-**CurrentSessionId** | Pointer to **string** | Denormalized for fast reads — the active session, if any | [optional] [readonly] 
-**Labels** | Pointer to **string** |  | [optional] 
-**Annotations** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional]
+**Kind** | Pointer to **string** |  | [optional]
+**Href** | Pointer to **string** |  | [optional]
+**CreatedAt** | Pointer to **time.Time** |  | [optional]
+**UpdatedAt** | Pointer to **time.Time** |  | [optional]
+**ProjectId** | **string** | The project this agent belongs to |
+**Name** | **string** | Human-readable identifier; unique within the project |
+**Prompt** | Pointer to **string** | Defines who this agent is. Mutable via PATCH. Access controlled by RBAC. | [optional]
+**CurrentSessionId** | Pointer to **string** | Denormalized for fast reads — the active session, if any | [optional] [readonly]
+**Labels** | Pointer to **string** |  | [optional]
+**Annotations** | Pointer to **string** |  | [optional]
 
 ## Methods
 
@@ -302,5 +302,3 @@ HasAnnotations returns a boolean if a field has been set.
 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
-
-
diff --git a/components/ambient-api-server/pkg/api/openapi/docs/AgentPatchRequest.md b/components/ambient-api-server/pkg/api/openapi/docs/AgentPatchRequest.md
@@ -4,10 +4,10 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Name** | Pointer to **string** |  | [optional] 
-**Prompt** | Pointer to **string** | Update agent prompt (access controlled by RBAC) | [optional] 
-**Labels** | Pointer to **string** |  | [optional] 
-**Annotations** | Pointer to **string** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional]
+**Prompt** | Pointer to **string** | Update agent prompt (access controlled by RBAC) | [optional]
+**Labels** | Pointer to **string** |  | [optional]
+**Annotations** | Pointer to **string** |  | [optional]
 
 ## Methods
 
@@ -130,5 +130,3 @@ HasAnnotations returns a boolean if a field has been set.
 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
-
-
diff --git a/components/ambient-api-server/pkg/api/openapi/docs/AgentSessionList.md b/components/ambient-api-server/pkg/api/openapi/docs/AgentSessionList.md
@@ -4,11 +4,11 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Kind** | **string** |  | 
-**Page** | **int32** |  | 
-**Size** | **int32** |  | 
-**Total** | **int32** |  | 
-**Items** | [**[]Session**](Session.md) |  | 
+**Kind** | **string** |  |
+**Page** | **int32** |  |
+**Size** | **int32** |  |
+**Total** | **int32** |  |
+**Items** | [**[]Session**](Session.md) |  |
 
 ## Methods
 
@@ -131,5 +131,3 @@ SetItems sets Items field to given value.
 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
-
-
diff --git a/components/ambient-api-server/pkg/api/openapi/docs/Credential.md b/components/ambient-api-server/pkg/api/openapi/docs/Credential.md
@@ -4,20 +4,20 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Id** | Pointer to **string** |  | [optional] 
-**Kind** | Pointer to **string** |  | [optional] 
-**Href** | Pointer to **string** |  | [optional] 
-**CreatedAt** | Pointer to **time.Time** |  | [optional] 
-**UpdatedAt** | Pointer to **time.Time** |  | [optional] 
-**ProjectId** | **string** | ID of the project this credential belongs to | 
-**Name** | **string** |  | 
-**Description** | Pointer to **string** |  | [optional] 
-**Provider** | **string** |  | 
-**Token** | Pointer to **string** | Credential token value; write-only, never returned in GET/LIST responses | [optional] 
-**Url** | Pointer to **string** |  | [optional] 
-**Email** | Pointer to **string** |  | [optional] 
-**Labels** | Pointer to **string** |  | [optional] 
-**Annotations** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional]
+**Kind** | Pointer to **string** |  | [optional]
+**Href** | Pointer to **string** |  | [optional]
+**CreatedAt** | Pointer to **time.Time** |  | [optional]
+**UpdatedAt** | Pointer to **time.Time** |  | [optional]
+**ProjectId** | **string** | ID of the project this credential belongs to |
+**Name** | **string** |  |
+**Description** | Pointer to **string** |  | [optional]
+**Provider** | **string** |  |
+**Token** | Pointer to **string** | Credential token value; write-only, never returned in GET/LIST responses | [optional]
+**Url** | Pointer to **string** |  | [optional]
+**Email** | Pointer to **string** |  | [optional]
+**Labels** | Pointer to **string** |  | [optional]
+**Annotations** | Pointer to **string** |  | [optional]
 
 ## Methods
 
@@ -375,5 +375,3 @@ HasAnnotations returns a boolean if a field has been set.
 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
-
-
diff --git a/components/ambient-api-server/pkg/api/openapi/docs/CredentialList.md b/components/ambient-api-server/pkg/api/openapi/docs/CredentialList.md
@@ -4,11 +4,11 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Kind** | **string** |  | 
-**Page** | **int32** |  | 
-**Size** | **int32** |  | 
-**Total** | **int32** |  | 
-**Items** | [**[]Credential**](Credential.md) |  | 
+**Kind** | **string** |  |
+**Page** | **int32** |  |
+**Size** | **int32** |  |
+**Total** | **int32** |  |
+**Items** | [**[]Credential**](Credential.md) |  |
 
 ## Methods
 
@@ -131,5 +131,3 @@ SetItems sets Items field to given value.
 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
-
-
diff --git a/components/ambient-api-server/pkg/api/openapi/docs/CredentialPatchRequest.md b/components/ambient-api-server/pkg/api/openapi/docs/CredentialPatchRequest.md
@@ -4,14 +4,14 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**Name** | Pointer to **string** |  | [optional] 
-**Description** | Pointer to **string** |  | [optional] 
-**Provider** | Pointer to **string** |  | [optional] 
-**Token** | Pointer to **string** | Credential token value; write-only, never returned in GET/LIST responses | [optional] 
-**Url** | Pointer to **string** |  | [optional] 
-**Email** | Pointer to **string** |  | [optional] 
-**Labels** | Pointer to **string** |  | [optional] 
-**Annotations** | Pointer to **string** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional]
+**Description** | Pointer to **string** |  | [optional]
+**Provider** | Pointer to **string** |  | [optional]
+**Token** | Pointer to **string** | Credential token value; write-only, never returned in GET/LIST responses | [optional]
+**Url** | Pointer to **string** |  | [optional]
+**Email** | Pointer to **string** |  | [optional]
+**Labels** | Pointer to **string** |  | [optional]
+**Annotations** | Pointer to **string** |  | [optional]
 
 ## Methods
 
@@ -234,5 +234,3 @@ HasAnnotations returns a boolean if a field has been set.
 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
-
-
diff --git a/components/ambient-api-server/pkg/api/openapi/docs/CredentialTokenResponse.md b/components/ambient-api-server/pkg/api/openapi/docs/CredentialTokenResponse.md
@@ -4,9 +4,9 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**CredentialId** | **string** | ID of the credential | 
-**Provider** | **string** | Provider type for this credential | 
-**Token** | **string** | Decrypted token value | 
+**CredentialId** | **string** | ID of the credential |
+**Provider** | **string** | Provider type for this credential |
+**Token** | **string** | Decrypted token value |
 
 ## Methods
 
@@ -89,5 +89,3 @@ SetToken sets Token field to given value.
 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
-
-
Original file line number	Diff line number	Diff line change
Expand Up		@@ -209,4 +209,3 @@ Each of these functions takes a value of the given basic type and returns a poin
		## Author

		ambient-code@redhat.com