Why
CodeRabbit is being retired fleet-wide in favor of Quinn, but it's still wired as a required status check on repos — and not just in classic branch protection. On mythxengine it lived in a repository ruleset (rules[].type == required_status_checks, context: "CodeRabbit", integration_id: 347564). When CodeRabbit doesn't engage on a PR (e.g. automation-authored PRs), it never posts the CodeRabbit status, so the PR is permanently BLOCKED even with all real CI green and mergeable: MERGEABLE.
Hit live on mythxengine #544 (workspace-config conformance): all real checks passed, rollup SUCCESS, but the ruleset's required CodeRabbit context never reported. Had to manually drop CodeRabbit from both the classic protection AND the ruleset to merge.
What to do
- Verify
apply-branch-protection handles rulesets, not only classic branch protection. The blocking enforcer on mythxengine was the ruleset (/repos/{o}/{r}/rulesets/{id}), not /branches/main/protection. If the tool only edits classic protection, it will silently miss the real gate. Add ruleset support: fetch the ruleset, strip bot-pattern contexts from the required_status_checks rule, PUT it back (full object: name/target/enforcement/conditions/rules/bypass_actors).
- Run it across every active repo in protoWorkstacean
workspace/projects.yaml (the fleet registry) to drop CodeRabbit/*quinn*-bot contexts from required checks, keeping correctness checks (build/test/quality/security).
- Keep the existing default: bots gate via
reviewDecision, not status checks (already the tool's documented philosophy).
Acceptance
apply-branch-protection --apply removes CodeRabbit from BOTH classic protection and rulesets on a repo that has it in a ruleset.
- A PR that CodeRabbit never reviews is
MERGEABLE/CLEAN (not BLOCKED) once real CI is green, on every active fleet repo.
- Correctness checks remain required (not left empty).
Evidence
mythxengine ruleset 12468384 rule required_status_checks had ["Build & Quality", "Security Audit", "CodeRabbit"]; manually reduced to the first two. Classic protection on the same repo had contexts: ["CodeRabbit"] only — also reduced. Both layers needed editing.
Why
CodeRabbit is being retired fleet-wide in favor of Quinn, but it's still wired as a required status check on repos — and not just in classic branch protection. On mythxengine it lived in a repository ruleset (
rules[].type == required_status_checks,context: "CodeRabbit",integration_id: 347564). When CodeRabbit doesn't engage on a PR (e.g. automation-authored PRs), it never posts theCodeRabbitstatus, so the PR is permanentlyBLOCKEDeven with all real CI green andmergeable: MERGEABLE.Hit live on mythxengine #544 (workspace-config conformance): all real checks passed, rollup SUCCESS, but the ruleset's required
CodeRabbitcontext never reported. Had to manually drop CodeRabbit from both the classic protection AND the ruleset to merge.What to do
apply-branch-protectionhandles rulesets, not only classic branch protection. The blocking enforcer on mythxengine was the ruleset (/repos/{o}/{r}/rulesets/{id}), not/branches/main/protection. If the tool only edits classic protection, it will silently miss the real gate. Add ruleset support: fetch the ruleset, strip bot-pattern contexts from therequired_status_checksrule, PUT it back (full object: name/target/enforcement/conditions/rules/bypass_actors).workspace/projects.yaml(the fleet registry) to drop CodeRabbit/*quinn*-bot contexts from required checks, keeping correctness checks (build/test/quality/security).reviewDecision, not status checks (already the tool's documented philosophy).Acceptance
apply-branch-protection --applyremoves CodeRabbit from BOTH classic protection and rulesets on a repo that has it in a ruleset.MERGEABLE/CLEAN(not BLOCKED) once real CI is green, on every active fleet repo.Evidence
mythxengine ruleset
12468384rulerequired_status_checkshad["Build & Quality", "Security Audit", "CodeRabbit"]; manually reduced to the first two. Classic protection on the same repo hadcontexts: ["CodeRabbit"]only — also reduced. Both layers needed editing.