ci: quiet down qodo and codex pr review noise

[ValentaTomas]

Configures qodo-merge via .pr_agent.toml to skip the PR walkthrough/score/effort/labels and only post inline findings, and adds AGENTS.md to steer Codex toward terse, findings-only reviews.

Goal: kill the auto-summary blocks and branding, keep the actual bug reports.

[cursor]

PR Summary

Low Risk
Config-only changes to third-party review/coverage tooling; main risk is unintentionally suppressing useful PR feedback or hiding coverage info.

Overview
This PR tunes automated PR tooling to be quieter and more findings-only: it adds Gemini config/style guidance and an AGENTS.md policy to suppress summaries/branding, configures Qodo (.pr_agent.toml) to run only /review with inline comments and no extra metadata, and adjusts Codecov to report as informational only on PRs with a condensed comment layout.

^{Reviewed by Cursor Bugbot for commit 0e644cb. Bugbot is set up for automated code reviews on this repo. Configure here.}

[codecov]

❌ 3 Tests Failed:

Tests completed	Failed	Passed	Skipped
2347	3	2344	7

View the top 1 failed test(s) by shortest run time

github.com/e2b-dev/infra/tests/integration/internal/tests/api/metrics::TestTeamMetrics

Stack Traces | 2.85s run time

=== RUN   TestTeamMetrics
=== PAUSE TestTeamMetrics
=== CONT  TestTeamMetrics
    team_metrics_test.go:61: 
        	Error Trace:	.../api/metrics/team_metrics_test.go:61
        	Error:      	Should be true
        	Test:       	TestTeamMetrics
        	Messages:   	MaxConcurrentSandboxes should be >= 0
--- FAIL: TestTeamMetrics (2.85s)

View the full list of 2 ❄️ flaky test(s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/sandboxes::TestUpdateNetworkConfig

Flake rate in main: 50.00% (Passed 2 times, Failed 2 times)

Stack Traces | 84.9s run time

=== RUN   TestUpdateNetworkConfig
=== PAUSE TestUpdateNetworkConfig
=== CONT  TestUpdateNetworkConfig
--- FAIL: TestUpdateNetworkConfig (84.90s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/sandboxes::TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false

Flake rate in main: 50.00% (Passed 2 times, Failed 2 times)

Stack Traces | 0.7s run time

=== RUN   TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false
Executing command curl in sandbox iyf30z16l79dfzx6aampp
    sandbox_network_update_test.go:372: Command [curl] output: event:{start:{pid:1361}}
    sandbox_network_update_test.go:372: Command [curl] output: event:{end:{exit_code:35 exited:true status:"exit status 35" error:"exit status 35"}}
Executing command curl in sandbox iyf30z16l79dfzx6aampp
    sandbox_network_update_test.go:372: Command [curl] output: event:{start:{pid:1362}}
    sandbox_network_update_test.go:372: Command [curl] output: event:{end:{exit_code:35 exited:true status:"exit status 35" error:"exit status 35"}}
Executing command curl in sandbox iyf30z16l79dfzx6aampp
    sandbox_network_update_test.go:391: Command [curl] output: event:{start:{pid:1363}}
    sandbox_network_update_test.go:391: Command [curl] output: event:{data:{stdout:"HTTP/2 302 \r\nx-content-type-options: nosniff\r\nlocation: https://dns.google/\r\ndate: Mon, 04 May 2026 06:27:56 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: HTTP server (unknown)\r\ncontent-length: 216\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n"}}
    sandbox_network_update_test.go:391: Command [curl] output: event:{end:{exited:true status:"exit status 0"}}
    sandbox_network_update_test.go:391: Command [curl] completed successfully in sandbox iyf30z16l79dfzx6aampp
    sandbox_network_update_test.go:391: 
        	Error Trace:	.../api/sandboxes/sandbox_network_out_test.go:74
        	            				.../api/sandboxes/sandbox_network_update_test.go:60
        	            				.../api/sandboxes/sandbox_network_update_test.go:391
        	Error:      	An error is expected but got nil.
        	Test:       	TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false
        	Messages:   	https://8.8.8.8 should be blocked
--- FAIL: TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false (0.70s)

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}

[gemini-code-assist]

Code Review

This pull request introduces configuration for AI review agents through a new .pr_agent.toml file and an AGENTS.md guide, establishing strict rules for terse, bug-focused feedback. The review feedback suggests enabling a limited number of code suggestions rather than disabling them entirely and recommends aligning the instructions in the configuration file with the markdown documentation to ensure consistency and a more comprehensive review scope.

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. Persistent comment conflicts with no-post intent 🐞

Description

persistent_comment = true causes qodo-merge to always post (and update) a PR-level comment on
every run, which contradicts the extra_instructions rule to post nothing when there are no
findings — the tool will post an empty or boilerplate comment regardless.

Code

.pr_agent.toml[R23-33]

+persistent_comment = true
+final_update_message = false
+enable_help_text = false
+extra_instructions = """
+Output style rules (strict):
+- Be terse. One short paragraph per finding, no preamble.
+- Only report concrete bugs, correctness issues, or rule violations. Do not summarize the PR.
+- No headers, no bullet lists, no tables, no diagrams, no code-fence wrapping unless quoting code.
+- No emojis. No severity badges. No tags like "Bug", "Enhancement", "Correctness", "Maintainability".
+- No Qodo branding, logos, dividers, or footer links.
+- If nothing to flag, post nothing.

Evidence

persistent_comment = true is a hard configuration directive that makes qodo-merge always write a
comment; the extra_instructions block is a soft prompt hint that the LLM may or may not honour, so
the configuration will produce unwanted comments when there are no findings.

.pr_agent.toml[23-23]
.pr_agent.toml[33-33]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`persistent_comment = true` forces qodo-merge to always post a PR-level comment, conflicting with the goal of posting nothing when there are no findings.

## Issue Context
The `extra_instructions` rule 'If nothing to flag, post nothing' is a prompt hint and cannot override the hard `persistent_comment` configuration.

## Fix Focus Areas
- .pr_agent.toml[23]: Change `persistent_comment = true` to `persistent_comment = false`.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. Misleading Codecov comment ☑ 🐞

Description

The comment on line 4 says the Test Analytics comment stays on, but comment: false on line 13
disables all Codecov PR commenting, including Test Analytics. Future maintainers will misread the
intent.

Code

codecov.yml[R3-13]

+# Coverage info lives in the codecov/* status checks (click to expand);
+# the Test Analytics comment (failed + flaky tests) stays on.

coverage:
  status:
    project:
-      default: { informational: true }
+      default: { informational: true, only_pulls: true }
    patch:
-      default: { informational: true }
+      default: { informational: true, only_pulls: true }
+
+comment: false

Evidence

The newly-added comment explicitly claims Test Analytics comments remain active, but the newly-added
comment: false setting disables the entire Codecov PR comment feature, contradicting the comment.

codecov.yml[3-4]
codecov.yml[13-13]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The comment on line 4 of `codecov.yml` says the Test Analytics comment stays on, but `comment: false` disables all Codecov PR comments including Test Analytics.

## Issue Context
The comment was added in the same PR as `comment: false`, creating an immediate contradiction.

## Fix Focus Areas
- codecov.yml[3-4]: Update the comment to accurately state that all Codecov PR comments are disabled, or change `comment: false` to keep Test Analytics comments enabled.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9beb29f212

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[claude]

LGTM, CI tooling config only.

Extended reasoning...

Overview

This PR adds/modifies CI review-tooling configuration only: a new .gemini/config.yaml and .gemini/styleguide.md, a new .pr_agent.toml (qodo-merge), a new AGENTS.md (Codex), and tweaks to codecov.yml. No production code, build, or runtime paths are affected.

Security risks

None. These files configure third-party PR-review/coverage bots and contain no secrets, credentials, or executable logic. Worst-case outcome is suppressing useful review noise or coverage comments — recoverable by editing the same files.

Level of scrutiny

Low. Config-only change to AI/CI review tooling. The author has clearly iterated on these settings across recent commits (per git log) in response to bot feedback (e.g., raising Gemini severity, allowing code suggestions, keeping Codecov PR comment for Test Analytics).

Other factors

The bug hunting system found no bugs. Prior bot comments raised minor concerns (Test Analytics, persistent_comment) which the author appears to have weighed and addressed via the condensed-header Codecov comment and the explicit clarifying comments in codecov.yml. The remaining persistent_comment = true choice is intentional and reversible. Nothing here warrants human review.