## Summary Implement a resolver class that, given a project or merge request, walks the group ancestor hierarchy to collect all applicable Duo Code Review custom instructions and merges them with the project-level instructions, ready for use by the code review pipeline. ## Background Part of [Phase 1 of Group-Level Custom Instructions for Duo Code Review](https://gitlab.com/groups/gitlab-org/-/work_items/21571), which is tracked under the parent epic [https://gitlab.com/groups/gitlab-org/-/work_items/21504](https://gitlab.com/groups/gitlab-org/-/work_items/21504). The DB column and API are introduced in companion issues. This issue covers the core logic that makes group-level instructions actually apply during a code review run: traversing the group hierarchy, reading `.gitlab/duo/mr-review-instructions.yaml` from each designated template project, and producing a merged rule set. ## Implementation - Create a new resolver class (e.g. `Duo::CodeReview::InstructionsResolver`) that accepts a project or merge request - Traverse the project's ancestor groups from most-specific to root, collecting each group's `duo_template_project_id` where set - For each template project found, read `.gitlab/duo/mr-review-instructions.yaml` from the default branch - Also read the project's own `.gitlab/duo/mr-review-instructions.yaml` if present - Merge all collected rule sets: group rules applied first (most-specific group first) as the baseline, project rules appended on top - Handle missing files, inaccessible projects, and empty rule sets gracefully - Integrate the resolver into the existing Duo Code Review execution path so it is called when a review runs - Follow the same traversal strategy used by `CustomFileTemplates` for consistency ## Acceptance Criteria - [ ] Resolver correctly walks all ancestor groups and collects template project IDs - [ ] Rules from ancestor groups are ordered most-specific group first - [ ] Project-level rules are appended after group-level rules - [ ] Missing or inaccessible template projects are skipped without error - [ ] Resolver is called during Duo Code Review execution - [ ] Existing project-only behaviour is unchanged when no group template is configured - [ ] Unit tests cover: no group config, single group, nested groups, project-only, combined - [ ] Performance: no N+1 queries introduced for group hierarchy traversal