agents: clarify risk section rules for no-risk entries and optional Other category

[EdDev]

Summary

• When no risk exists in a category, only the Mitigation field is required with a brief justification — no Sign-off or category-specific fields needed. Sign-off is only required when an actual risk is described.
• The Other risk category is now optional — only include it when risks exist that don't fit the 6 standard categories. Requiring it when there is nothing to add is unnecessary noise.

Test plan

• Review AGENTS.md II.5 section to confirm the updated rules are clear and unambiguous
• Verify the rules are correctly applied when reviewing the next STP PR

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation
  • Updated risk assessment checklist to expect 6 standard risk categories (reduced from 7).
  • Refined requirements for risk documentation: actual risks now require full field completion, while no-risk scenarios only need brief justification.
  • Updated rejection criteria for incomplete submissions, including clearer sign-off conditions and N/A validation rules.

[openshift-virtualization-qe-bot]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: A tracking issue is created for this PR and will be closed when the PR is merged or closed
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: Enabled categories: branch, can-be-merged, cherry-pick, has-conflicts, hold, needs-rebase, size, verified, wip

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest all - Run all available tests

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. LGTM Count: Minimum 2 /lgtm from reviewers
3. Status Checks: All required status checks must pass
4. No Blockers: No wip, hold, has-conflicts labels and PR must be mergeable (no conflicts)

📊 Review Process

Approvers and Reviewers

Approvers:

• rnetser

Reviewers:

• rnetser

Available Labels

• hold
• verified
• wip
• lgtm
• approve

AI Features

• Cherry-Pick Conflict Resolution: Enabled (claude/claude-opus-4-6[1m])

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is removed on new commits unless the push is detected as a clean rebase
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[coderabbitai]

Warning

Rate limit exceeded

@EdDev has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 46 minutes and 28 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 46 minutes and 28 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3dda1952-0b06-48eb-8d50-e1f8cb51ec4e

📥 Commits

Reviewing files that changed from the base of the PR and between 45f47f3 and e5eaec5.

📒 Files selected for processing (1)

• AGENTS.md

📝 Walkthrough

Walkthrough

The AGENTS.md checklist for "II.5 — Risks" is revised to expect 6 standard risk categories instead of 7, removes unconditional "Other" requirements, and introduces differentiated validation logic: actual risks require full documentation (Risk description, Mitigation strategy, Sign-off), while no-risk entries require only brief mitigation justification.

Changes

Cohort / File(s)	Summary
Documentation & Review Criteria AGENTS.md	Updated "II.5 — Risks" checklist: reduced from 7 to 6 risk categories, eliminated unconditional "Other" requirement, differentiated field requirements between actual risks and no-risk cases. Sign-off now required only when real risk exists. Updated rejection criteria for missing sign-offs and bare "N/A" mitigations.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

WHY: Documentation changes with logic shifts require careful validation to ensure new differentiation rules (actual risk vs. no-risk handling) are clearly articulated and won't create ambiguity during application. The reduced category count and conditional field requirements introduce new decision points reviewers must verify function correctly and are communicated unambiguously.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: clarifying risk section rules for handling no-risk entries and making the Other category optional.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@AGENTS.md`:
- Around line 195-202: Clarify what "category-specific fields" means in the
checklist by expanding the phrase into concrete examples and where to fill them:
update the AGENTS.md checklist item that currently says "category-specific
fields" to list representative fields per risk category (e.g., for
Timeline/Schedule: "Estimated impact on schedule"; for Test Coverage: "Areas
with reduced coverage"; for Test Environment: "Missing or unavailable
environments"; for Resource Constraints: "Missing resources or infrastructure";
for Dependencies: "Third-party services or blockers"; for Untestable Aspects:
"Reason untestable and mitigation approach"), and add a brief note that these
example fields are required only when a risk exists (otherwise only a short
justification for "no risk" is needed).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f4f701d9-4f17-4be0-8360-747878268f9b

📥 Commits

Reviewing files that changed from the base of the PR and between 9035358 and 45f47f3.

📒 Files selected for processing (1)

• AGENTS.md

[rnetser]

thanks for this PR

[rnetser]

/approve
/lgtm