[codex] Clarify CodeRabbit auth recovery flow

[juanpflores]

Summary

Clarifies the CodeRabbit review skill's authentication recovery instructions.

What Changed

Updates the coderabbit-review skill so the agent is explicitly told to:

• treat an unauthenticated coderabbit auth status --agent result as a step to handle
• run coderabbit auth login --agent
• re-run coderabbit auth status --agent
• continue to review commands only after authentication succeeds

Why

The prior wording only said to run the login command if auth was missing. This left too much room for the agent to stop at the auth error instead of actively recovering and retrying.

Impact

Agents using the CodeRabbit review skill should handle missing authentication more reliably and continue the workflow without unnecessary user interruption.

Validation

Verified the repo diff and committed only the plugins/coderabbit/skills/coderabbit-review/SKILL.md change.

Summary by CodeRabbit

• Bug Fixes

  • Improved error handling with clear guidance for authentication and troubleshooting issues

• Changes

  • Authentication now occurs when plugin features are used rather than at installation
  • Simplified default prompts for streamlined user experience
  • Updated terminology in results reporting

[coderabbitai]

📝 Walkthrough

Walkthrough

Updates the CodeRabbit plugin configuration and documentation: shifts authentication from install-time to use-time, bumps the plugin version to 1.1.1, reduces default prompt options from three to one, and enhances authentication and error-handling instructions in the skill documentation.

Changes

Cohort / File(s)	Summary
Plugin Marketplace Configuration .agents/plugins/marketplace.json	Changed authentication policy for CodeRabbit plugin from "ON_INSTALL" to "ON_USE", deferring authentication requirement to when the plugin is actively used.
Plugin Manifest plugins/coderabbit/.codex-plugin/plugin.json	Incremented plugin version to 1.1.1 and simplified interface.defaultPrompt from three options to a single "Review my current changes and provide feedback" prompt.
Skill Documentation plugins/coderabbit/skills/coderabbit-review/SKILL.md	Enhanced authentication handling instructions, hardened failure behavior to prevent fallback to manual review on CLI errors, and updated terminology from "findings" to "issues".

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• Add CodeRabbit Codex plugin #1 — Directly modifies the same CodeRabbit plugin configuration files and fields, establishing a direct code-level dependency.

Poem

🐰 A clever shift in timing's grace,
Auth moves to its proper place—
From install to use, the change unfolds,
While prompts grow wise and errors bold!
One prompt now, with focus keen, ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the primary change: clarifying the CodeRabbit authentication recovery flow in the skill documentation, which is the core objective of this pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/coderabbit-auth-login-on-unauth

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (3)

plugins/coderabbit/skills/coderabbit-review/SKILL.md (2)

59-59: Consider clarifying "retry once network is available".

Reads as if the agent should autonomously keep retrying. Since the surrounding guidance is to report failure to the user rather than silently recover (except for auth), suggest rephrasing to make it clear this is user-facing resolution guidance, not an instruction for the agent to loop.

✏️ Suggested wording tweak

-- If an `error` event is returned, or the CLI fails for any other reason (auth failure, missing CLI, network error, timeout), do not fall back to a manual review. Report the exact failure and tell the user how to resolve it (e.g. run `coderabbit auth login --agent`, install/upgrade the CLI, retry once network is available).
+- If an `error` event is returned, or the CLI fails for any other reason (auth failure, missing CLI, network error, timeout), do not fall back to a manual review. Report the exact failure to the user along with the concrete resolution step (e.g. run `coderabbit auth login --agent`, install/upgrade the CLI, or retry after the network is restored).

Also note the auth-failure case here partially overlaps with the Prerequisites recovery flow (which tells the agent to auto-run coderabbit auth login --agent). Worth reconciling so it's unambiguous whether a mid-review auth failure should be auto-recovered or surfaced to the user.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/coderabbit/skills/coderabbit-review/SKILL.md` at line 59, Update the
sentence in SKILL.md that currently reads "If an `error` event is returned, or
the CLI fails for any other reason (auth failure, missing CLI, network error,
timeout), do not fall back to a manual review. Report the exact failure and tell
the user how to resolve it (e.g. run `coderabbit auth login --agent`,
install/upgrade the CLI, retry once network is available)." to clarify that
"retry once network is available" is user-facing guidance (e.g., "retry when
network connectivity is restored") and not an instruction for the agent to loop;
also reconcile the auth-failure clause with the Prerequisites recovery flow by
explicitly stating whether the agent should attempt `coderabbit auth login
--agent` automatically on mid-review auth failures or instead surface the auth
error to the user (make the behavior unambiguous and consistent with the
Prerequisites section).

---

67-71: Terminology switch to "issues" is consistent here, but two upstream strings still say "findings".

The Result Format section is internally consistent, but for end-to-end consistency with the PR's rename:

• Line 8: "summarize the findings" — user-facing skill intro.
• Line 23 in plugin.json: longDescription mentions "actionable findings".

Line 57 ("Collect finding events") should stay as-is since finding is the NDJSON event type emitted by the CLI, not user-facing copy.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/coderabbit/skills/coderabbit-review/SKILL.md` around lines 67 - 71,
Update the remaining user-facing occurrences of "findings" to "issues": change
the phrase "summarize the findings" in SKILL.md to "summarize the issues" and
update the plugin.json longDescription value that currently mentions "actionable
findings" to use "actionable issues" (leave the NDJSON event reference "finding"
on the "Collect `finding` events" line unchanged). Ensure wording and
punctuation match existing style and that only user-facing copy is altered.

plugins/coderabbit/.codex-plugin/plugin.json (1)

3-3: Version bump and defaultPrompt trim look good.

1.1.1 appropriately reflects a docs/config-only change, and narrowing defaultPrompt to the primary prompt matches the PR intent.

Nit: interface.longDescription on line 23 still says "actionable findings". Since the PR renames user-facing "findings" → "issues" in SKILL.md, consider updating this string for consistency.

Also applies to: 36-38

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/coderabbit/.codex-plugin/plugin.json` at line 3, Update the
user-facing wording in the JSON interface strings: replace occurrences of
"actionable findings" with "actionable issues" in the interface.longDescription
property and the other similar description strings (the other entries around the
same block, e.g., the secondary description lines). Locate the JSON keys named
interface.longDescription (and the adjacent description fields in the same
object) and edit their text to use "issues" instead of "findings" so the plugin
wording matches the SKILL.md rename.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@plugins/coderabbit/.codex-plugin/plugin.json`:
- Line 3: Update the user-facing wording in the JSON interface strings: replace
occurrences of "actionable findings" with "actionable issues" in the
interface.longDescription property and the other similar description strings
(the other entries around the same block, e.g., the secondary description
lines). Locate the JSON keys named interface.longDescription (and the adjacent
description fields in the same object) and edit their text to use "issues"
instead of "findings" so the plugin wording matches the SKILL.md rename.

In `@plugins/coderabbit/skills/coderabbit-review/SKILL.md`:
- Line 59: Update the sentence in SKILL.md that currently reads "If an `error`
event is returned, or the CLI fails for any other reason (auth failure, missing
CLI, network error, timeout), do not fall back to a manual review. Report the
exact failure and tell the user how to resolve it (e.g. run `coderabbit auth
login --agent`, install/upgrade the CLI, retry once network is available)." to
clarify that "retry once network is available" is user-facing guidance (e.g.,
"retry when network connectivity is restored") and not an instruction for the
agent to loop; also reconcile the auth-failure clause with the Prerequisites
recovery flow by explicitly stating whether the agent should attempt `coderabbit
auth login --agent` automatically on mid-review auth failures or instead surface
the auth error to the user (make the behavior unambiguous and consistent with
the Prerequisites section).
- Around line 67-71: Update the remaining user-facing occurrences of "findings"
to "issues": change the phrase "summarize the findings" in SKILL.md to
"summarize the issues" and update the plugin.json longDescription value that
currently mentions "actionable findings" to use "actionable issues" (leave the
NDJSON event reference "finding" on the "Collect `finding` events" line
unchanged). Ensure wording and punctuation match existing style and that only
user-facing copy is altered.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: coderabbitai/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f1436d6c-e4f8-406e-ad90-dc121fdd5104

📥 Commits

Reviewing files that changed from the base of the PR and between f335f9e and 97aed30.

📒 Files selected for processing (3)

• .agents/plugins/marketplace.json
• plugins/coderabbit/.codex-plugin/plugin.json
• plugins/coderabbit/skills/coderabbit-review/SKILL.md