Skip to content

feat(#291): CodeRabbit rate limit tracker and quota management#303

Open
xsovad06 wants to merge 3 commits into
mainfrom
feat/issue-291
Open

feat(#291): CodeRabbit rate limit tracker and quota management#303
xsovad06 wants to merge 3 commits into
mainfrom
feat/issue-291

Conversation

@xsovad06

@xsovad06 xsovad06 commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Summary

  • Added CodeRabbit rate limit tracking service to prevent PR review quota exhaustion on free tier (4 reviews/hour)
  • Implemented quota monitoring with DB-backed event caching to minimize GitHub API calls
  • Added dashboard widget showing real-time quota usage and next available review slot

Changes

Config System

  • New [coderabbit] section with enabled, plan, reviews_per_hour, min_pr_spacing_minutes fields
  • Triple-registered per architecture rules (models, loader, settings metadata)
  • Plan-based auto-derivation of quota limits (free=4, pro/pro_plus=unlimited)

Core Service (sova/supervisor/coderabbit_quota.py)

  • get_review_history() - queries GitHub API for coderabbitai[bot] PR reviews with DB caching
  • can_create_pr() - checks quota availability against rolling 1-hour window
  • next_available_slot() - calculates when next review slot opens
  • request_review() - posts @coderabbitai review comment on PRs
  • get_review_status() - distinguishes reviewed/rate_limited/pending/summary_only states

Database

  • New CodeRabbitEvent model with repo/pr_number/event_type/recorded_at fields
  • Indexed by (repo, recorded_at) for efficient rolling window queries
  • Requires Alembic migration (future PR)

Dashboard

  • New /api/quota/coderabbit endpoint returning quota status
  • Rate limit indicator widget on agents page (quota usage, next slot, recent reviews)
  • Color-coded status (green/yellow/red) using Catppuccin theme
  • Conditional rendering based on coderabbit.enabled config
  • Auto-polling every 30 seconds

Review guidance

Key design decisions:

  • Separate CodeRabbitQuotaConfig from existing CodeRabbitConfig (external_reviews) - quota tracking is supervisor-level concern, not review-tool integration
  • DB caching layer to avoid GitHub API rate limits while checking CodeRabbit rate limits
  • Summary/walkthrough comments don't count - service queries /pulls/{pr}/reviews not /issues/{pr}/comments
  • Rolling window uses UTC timestamps consistently (recorded_at > now - timedelta(hours=1))

Verification focus:

  • Config triple-registration completeness (all 3 locations)
  • Quota calculation edge cases (empty history, exactly at limit, rollover)
  • Multi-project isolation via repo field
  • Dashboard widget conditional rendering and polling logic

Test plan

  • Unit tests cover 12 scenarios including empty history, quota rollover, burst detection, and multi-repo isolation
  • Config registration validated via test suite
  • Dashboard endpoint tested with mock service responses
  • Manual verification: tested widget rendering with live quota data in development mode

Closes #291

@xsovad06 xsovad06 self-assigned this Jul 2, 2026
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@xsovad06, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 28 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 1cbf5e65-3959-4ed4-b21b-3efa0459913f

📥 Commits

Reviewing files that changed from the base of the PR and between 87142b7 and 1934388.

📒 Files selected for processing (10)
  • sova/config/loader.py
  • sova/config/models.py
  • sova/dashboard/app.py
  • sova/dashboard/routers/quota.py
  • sova/dashboard/settings_meta.py
  • sova/dashboard/templates/agents.html
  • sova/db/models.py
  • sova/supervisor/__init__.py
  • sova/supervisor/coderabbit_quota.py
  • tests/test_coderabbit_quota.py

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

xsovad06 added 2 commits July 3, 2026 00:59
SonarCloud flagged json.JSONDecodeError as redundant when caught
alongside ValueError (its parent). Remove the redundant class.

Add 16 tests covering all previously uncovered code paths in
coderabbit_quota.py: unlimited quota, empty sync, default timestamps,
GitHub API fetch (success/failure/bad JSON/exceptions), and PR review
parsing (non-CR users, missing fields, PENDING state, bad dates, null
login). Coverage: 56% -> 100%.
Cover all paths in sova/dashboard/routers/quota.py:
- GET /api/quota/coderabbit with enabled config (success + error)
- POST /api/quota/coderabbit/sync (success, no-repo, error)
- Fix line-length violations in test file

Raises new-code coverage from 61.4% to meet SonarCloud 80% gate.
@sonarqubecloud

sonarqubecloud Bot commented Jul 2, 2026

Copy link
Copy Markdown

@xsovad06 xsovad06 left a comment

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Review: CodeRabbit Rate Limit Tracker (#291)

Summary: Well-structured feature adding CodeRabbit quota tracking across config, service, DB model, dashboard API, and UI widget. 1229 lines total, 682 of which are tests (55%). All CI checks pass, SonarCloud reports 100% coverage on new code.

Findings

[HIGH] Plan defaults may not match CodeRabbit actual limits
sova/config/models.py:368 -- The plan defaults {"free": 4, "pro": 5, "pro_plus": 10} are unverified for paid tiers. CodeRabbit Pro uses adaptive rate limiting, not a fixed per-hour cap. Consider defaulting paid plans to 0 (unlimited) since rate limiting is primarily a free-tier concern:

_plan_defaults = {"free": 4, "pro": 0, "pro_plus": 0}

[HIGH] No Alembic migration for CodeRabbitEvent table
sova/db/models.py:347-363 -- New coderabbit_events table has no migration. Acknowledged in the PR body as "future PR", and mitigated by enabled=False default. Existing databases will crash with "no such table" if the feature is enabled before migration lands. Ensure the migration PR is tracked.

[MEDIUM] 20 sequential API calls on sync
sova/supervisor/coderabbit_quota.py:249-258 -- sync_from_github fetches reviews for up to 20 PRs individually (semaphore=5). Consider filtering by updated_at within the rolling window, or batching via GraphQL to reduce API calls.

[MEDIUM] Two coderabbit-prefixed config sections
sova/config/models.py:351 vs :286 -- [external_reviews.coderabbit] and [coderabbit_quota] coexist with similar env prefixes (SOVA_CODERABBIT_ vs SOVA_CODERABBIT_QUOTA_). The separation is justified (supervisor vs review-tool concerns) but may confuse users. Consider a note in settings descriptions referencing the relationship.

Verdict: Comment (no blocking issues)

The feature defaults to disabled, limiting blast radius. The two HIGH findings are worth addressing but neither requires blocking the PR.

What is done well

  1. Triple-registration discipline -- config model, loader, and settings metadata all present and correct per architecture rules.
  2. Thorough test coverage -- 28 test cases covering config defaults, service logic edge cases, API failures, bad JSON, deduplication, project isolation, and all router endpoints.
  3. Clean module placement -- new sova/supervisor/ subsystem with proper __init__.py docstring sets up the namespace cleanly for future additions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat(supervisor): CodeRabbit rate limit tracker and quota management

1 participant