GitLab CI/CD Review App Orphan Cleanup & Cost Control Prompt
Stop review-app environments from leaking namespaces, DNS records, and cloud cost after MRs are merged or abandoned by hardening stop jobs and TTLs.
- Target user: Platform engineers running per-MR review apps
- Difficulty: Intermediate
- Tools: Claude, Copilot
The prompt
You are a senior platform engineer who specializes in GitLab review app lifecycle management. I will provide:

- My deploy job with `environment:name` / `environment:url` for review apps
- My current `stop` job (or absence of one)
- Where review apps run (Kubernetes namespace, ephemeral cluster, VMs)
- Symptoms (orphaned namespaces, rising cloud bill, stale DNS)

Your job:

1. **Diagnose leaks** — explain why `on_stop` jobs never run or fail part-way (the stop job is missing from the pipeline because its `rules` differ from the deploy job's; the branch was deleted or force-pushed and the stop job fails trying to check it out; a teardown command errors and leaves half the resources behind) and where the orphans accumulate (namespaces, Helm releases, DNS records).
2. **Robust teardown** — author paired deploy + stop jobs using `environment:on_stop`, `environment:action: stop`, and `environment:auto_stop_in` so idle environments self-expire. The stop job must carry the same `rules:` condition as the deploy job (plus `when: manual` and `allow_failure: true`); otherwise GitLab cannot include it in the pipeline and cannot trigger it automatically.
3. **Namespace hygiene** — make the stop job delete the namespace/release and DNS even when the source branch is gone: set `GIT_STRATEGY: none` so it never tries to check out a deleted branch, derive every resource name from `$CI_ENVIRONMENT_SLUG` rather than from files in the repository, and keep `rules:if: $CI_PIPELINE_SOURCE == "merge_request_event"` on both jobs. There is no pipeline source for branch deletion; GitLab runs the existing `on_stop` job itself when the MR is merged or its branch is deleted.
4. **Sweeper** — add a reaper job that runs only when `$CI_PIPELINE_SOURCE == "schedule"` and works through the Environments API: list `available` environments, stop any whose `auto_stop_at` has passed, and delete namespaces that carry the review-app prefix but no longer have a live environment behind them.
5. **Cost guardrail** — cap concurrent review apps. `resource_group` only serialises the deploy jobs and does not limit how many environments stay alive; to cap them, count `available` review environments through the API before deploying and fail the job once the cap is reached, and apply a Kubernetes `ResourceQuota` per review namespace so a single MR cannot consume the cluster.
6. **Verify** — confirm environments transition to "stopped" (`GET /projects/:id/environments?states=stopped`) and that the namespace, release, and DNS record are actually gone.

Output as: (a) deploy + stop job YAML, (b) the scheduled reaper job, (c) `auto_stop_in` config, (d) an orphan-audit checklist. Flag any teardown that could delete a shared or production namespace, and scope deletes to the review-app prefix only.
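One `.gitlab-ci.yml` that covers the whole procedure the prompt asks for (paired deploy/stop jobs, TTL, cap, scheduled reaper, prefix-scoped deletes), written here as an added example; it is not part of the prompt page and not taken from any particular project. Assumptions: `alpine/k8s` is used as an image that ships kubectl, helm, curl and jq; kubectl is already authenticated to the review cluster (for instance through the GitLab agent for Kubernetes); `./chart` is the app's Helm chart and its ingress is managed by external-dns, so deleting the namespace also removes the DNS record; `API_TOKEN` is a masked CI variable holding a project access token with the `api` scope; `MAX_REVIEW_APPS` and the `review-app=true` label are hypothetical names chosen for this example.

```yaml
stages: [deploy, cleanup]

variables:
  MAX_REVIEW_APPS: "10"          # hypothetical cap on live review apps

deploy_review:
  stage: deploy
  image: alpine/k8s:1.29.2       # assumed to ship kubectl, helm, curl and jq
  resource_group: review-deploy  # serialises deploys only; the check below caps live apps
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    url: https://$CI_COMMIT_REF_SLUG.review.example.com
    on_stop: stop_review
    auto_stop_in: 2 days         # GitLab triggers stop_review itself once this elapses
  script:
    # Cost guardrail: refuse to add a review app once MAX_REVIEW_APPS are live.
    - |
      api="$CI_API_V4_URL/projects/$CI_PROJECT_ID/environments"
      live=$(curl -sf --header "PRIVATE-TOKEN: $API_TOKEN" \
        "$api?states=available&search=review/&per_page=100" \
        | jq --arg me "$CI_ENVIRONMENT_NAME" \
          '[.[] | select((.name | startswith("review/")) and .name != $me)] | length')
      if [ "$live" -ge "$MAX_REVIEW_APPS" ]; then
        echo "cap reached: $live review apps already live; stop one first"; exit 1
      fi
    # Namespace = environment slug (review-<slug>); the label lets the reaper find it.
    - kubectl create namespace "$CI_ENVIRONMENT_SLUG" --dry-run=client -o yaml | kubectl apply -f -
    - kubectl label namespace "$CI_ENVIRONMENT_SLUG" review-app=true --overwrite
    - helm upgrade --install "$CI_ENVIRONMENT_SLUG" ./chart -n "$CI_ENVIRONMENT_SLUG" --set host="$CI_COMMIT_REF_SLUG.review.example.com"

stop_review:
  stage: deploy
  image: alpine/k8s:1.29.2
  rules:                         # same condition as the deploy job, but manual
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      when: manual
  allow_failure: true            # a manual rule must not block the pipeline
  variables:
    GIT_STRATEGY: none           # the branch may already be deleted; never clone
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    action: stop
  script:
    # Scope guard: only a namespace carrying the review prefix may be deleted.
    - |
      case "$CI_ENVIRONMENT_SLUG" in
        review-?*) ;;
        *) echo "refusing to delete '$CI_ENVIRONMENT_SLUG'"; exit 1 ;;
      esac
    - helm uninstall "$CI_ENVIRONMENT_SLUG" -n "$CI_ENVIRONMENT_SLUG" || true
    - kubectl delete namespace "$CI_ENVIRONMENT_SLUG" --ignore-not-found --wait=false

reap_review:
  stage: cleanup
  image: alpine/k8s:1.29.2
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
  variables:
    GIT_STRATEGY: none
  script:
    - |
      api="$CI_API_V4_URL/projects/$CI_PROJECT_ID/environments"
      now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
      envs=$(curl -sf --header "PRIVATE-TOKEN: $API_TOKEN" \
        "$api?states=available&search=review/&per_page=100")
      # 1. Environments still available past auto_stop_at: trigger the stop action
      #    again (covers the case where an earlier stop_review job failed).
      echo "$envs" | jq -r --arg now "$now" \
        '.[] | select(.name | startswith("review/")) | select(.auto_stop_at != null and .auto_stop_at < $now) | .id' \
        | while read -r id; do
            curl -sf -X POST --header "PRIVATE-TOKEN: $API_TOKEN" "$api/$id/stop" >/dev/null
          done
      # 2. Labelled review namespaces with no live environment behind them are orphans.
      live_slugs=$(echo "$envs" | jq -r '.[].slug')
      kubectl get namespace -l review-app=true -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' \
        | while read -r ns; do
            case "$ns" in review-?*) ;; *) continue ;; esac   # never touch anything unprefixed
            echo "$live_slugs" | grep -qxF "$ns" && continue
            echo "orphan namespace $ns"
            kubectl delete namespace "$ns" --ignore-not-found --wait=false
          done
```

The stop call the reaper makes (`POST .../environments/:id/stop`) runs the same `stop_review` job GitLab would have run on merge or expiry, so there is one teardown path to audit. Both delete sites check the `review-` prefix before acting; because the deploy job names the namespace from `$CI_ENVIRONMENT_SLUG`, a later change to `environment:name` that drops the `review/` prefix makes the guard refuse rather than delete whatever namespace the new slug resolves to.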