
chore: add Qodo configuration #72

Merged: fghanmi merged 1 commit into main from SECURESIGN-3482, May 18, 2026

fghanmi (Member) commented May 18, 2026

No description provided.

@qodo-for-securesign

Review Summary by Qodo

Add PR Agent configuration for automated workflows

⚙️ Configuration changes


Walkthroughs

Description
• Add PR Agent configuration file for automated PR workflows
• Configure automatic PR description and review generation
• Set up GitHub app triggers for opened and reopened PRs
• Enable inline code suggestions and RAG-based analysis
Diagram
flowchart LR
  A["PR Events<br/>opened/reopened"] -- "trigger" --> B["PR Agent Config"]
  B -- "execute" --> C["Auto-describe<br/>Auto-review"]
  B -- "configure" --> D["Review Settings<br/>Code Suggestions"]
  D -- "enable" --> E["RAG Analysis<br/>Inline Comments"]

File Changes

1. .pr_agent.toml ⚙️ Configuration changes +33/-0

Add PR Agent automation configuration

• Create new PR Agent configuration file with GitHub app integration
• Configure automatic PR description and review commands on PR open/reopen
• Set review agent policies for inline comments and code suggestions
• Enable RAG-based analysis for enhanced code review capabilities
• Exclude renovate and bot accounts from triggering workflows

.pr_agent.toml



qodo-for-securesign Bot commented May 18, 2026

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0)



Remediation recommended

1. No review on pushes 🐞 Bug ☼ Reliability
Description
The PR-Agent config disables push-based triggers and also does not listen to the PR 'synchronize'
action, so /agentic_review will not automatically re-run when new commits are pushed to an existing
PR. This can leave stale/outdated review comments until a manual command is invoked.
Code

.pr_agent.toml[R6-16]

+handle_pr_actions = ['opened', 'reopened', 'ready_for_review']
+
+# What runs automatically when PR is opened
+pr_commands = [
+    "/agentic_describe",
+    "/agentic_review"
+]
+
+# Do NOT auto-trigger on push (avoid noise)
+handle_push_trigger = false
+
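Review bot: the comment `# What runs automatically when PR is opened` above `pr_commands` understates the trigger set, since `handle_pr_actions` also lists 'reopened' and 'ready_for_review'; reword it to name all three. Next to `handle_push_trigger = false`, the `(avoid noise)` comment should also record the consequence: commits pushed after the first `/agentic_review` get no automated pass, so code added late in a PR can reach merge with only the original review attached. If that trade-off is intended, say so in the comment and note that reviewers are expected to re-run `/agentic_review` manually before merging.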
Evidence
The configuration explicitly disables push-triggered runs and only subscribes to
opened/reopened/ready_for_review PR actions, which excludes the synchronize event used for new
commits; therefore, new commits will not trigger /agentic_review automatically.

.pr_agent.toml[6-16]
.pr_agent.toml[17-19]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Automated review is configured to run only on PR open/reopen/ready-for-review, and **not** when new commits are pushed. As a result, PRs can accumulate new changes without a refreshed /agentic_review run.

## Issue Context
`.pr_agent.toml` sets `handle_push_trigger = false` and `handle_pr_actions` does not include the PR `synchronize` action (the GitHub action fired on new commits pushed to an existing PR).

## Fix Focus Areas
- .pr_agent.toml[6-16]
- .pr_agent.toml[17-19]

## Suggested fix
Choose one:
1) Add `synchronize` to `handle_pr_actions` and ensure the app runs review on that event, **or**
2) Set `handle_push_trigger = true` and define `push_commands = ["/agentic_review"]` (optionally with throttling/debouncing to limit noise).


@fghanmi fghanmi merged commit e88b0c4 into main May 18, 2026
6 checks passed