[BUZZOK-29432] Add cursor bugbot guidelines

[cavitcakir]

RATIONALE

CHANGES

PR Automation

Comment-Commands: Trigger CI by commenting on the PR:

• /trigger-smoke-test or /trigger-test-smoke - Run smoke tests
• /trigger-install-test or /trigger-test-install - Run installation tests

Labels: Apply labels to trigger workflows:

• run-smoke-tests or go - Run smoke tests on demand (only works for non-forked PRs)

Important

For Forked PRs: If you're an external contributor, the run-smoke-tests label won't work. Only maintainers can trigger smoke tests on forked PRs by applying the approved-for-smoke-tests label after security review. Please comment requesting maintainer review if you need smoke tests to run.

---

Note

Low Risk
Documentation-only changes with no impact on runtime behavior or APIs. Main risk is process-related (review expectations) rather than technical.

Overview
Adds .cursor/BUGBOT.md with BugBot-specific review instructions, including a checklist of critical change areas (sign-offs), public-repo hygiene, changelog expectations, and git rename guidance.

Updates .github/PULL_REQUEST_TEMPLATE.md to include a comment linking to the same review guideline for contributors/reviewers.

^{Written by Cursor Bugbot for commit f834d44. This will update automatically on new commits. Configure here.}

[cursor]

Internal references exposed in public repository file

High Severity

This file violates rule B1 ("Assume public"). The repository is public (Apache 2.0 licensed, under datarobot-oss/), yet .cursor/BUGBOT.md contains multiple internal references: an internal Confluence URL (datarobot.atlassian.net), internal Slack channel names (#agentic-flow-dev, #dr-cli), references to internal messages ("Message from Anatolii Stehnii in #agentic-flow-dev"), and internal process terms like "PBMPs." These leak internal architecture and communication details to the public. Ironically, the file itself defines rule B1 but violates it.

Additional Locations (2)

• .cursor/BUGBOT.md#L58-L59
• .cursor/BUGBOT.md#L65-L66

 

^{Triggered by project rule: BugBot Review Instructions}

[cursor]

Internal Confluence link added to PR template

Low Severity

An internal Confluence URL (datarobot.atlassian.net) is added to the PR template. While it's inside an HTML comment and won't render in PRs, it's still visible in the public source code, which goes against rule B1 ("Assume public") — specifically the guideline to avoid internal references in a public repository.

 

^{Triggered by project rule: BugBot Review Instructions}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[cursor]

Internal Atlassian links inaccessible to external contributors

Medium Severity

Both .cursor/BUGBOT.md (line 7) and .github/PULL_REQUEST_TEMPLATE.md (line 25) add a datarobot.atlassian.net link to a private Confluence wiki page. Per rule B1 ("Assume public"), internal references that external contributors cannot access are not appropriate in public repositories. The Confluence link requires internal authentication and provides no value to open-source contributors.

Additional Locations (1)

• .github/PULL_REQUEST_TEMPLATE.md#L24-L25

 

^{Triggered by project rule: BugBot Review Instructions}