From 493c11a22ec7a45ea615e6d0781d76050869c49d Mon Sep 17 00:00:00 2001 From: Aniket Date: Sat, 21 Feb 2026 12:52:53 +0530 Subject: [PATCH] Create .coderabbit.yaml --- .coderabbit.yaml | 280 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 280 insertions(+) create mode 100644 .coderabbit.yaml diff --git a/.coderabbit.yaml b/.coderabbit.yaml new file mode 100644 index 0000000..f69abfe --- /dev/null +++ b/.coderabbit.yaml @@ -0,0 +1,280 @@ +# Enables IDE autocompletion for this config file +# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json + +# Language for CodeRabbit's review comments +language: en + +# Enable experimental features (currently not using any specific early_access features) +early_access: true + +chat: + # CodeRabbit will automatically respond to @coderabbitai mentions in PR comments + auto_reply: true + +issue_enrichment: + labeling: + auto_apply_labels: true + labeling_instructions: + - label: bug + instructions: Issues reporting bugs, errors, crashes, incorrect behavior, or unexpected results. This includes runtime errors, logic errors, broken functionality, regressions, and any deviation from expected or documented behavior. + - label: enhancement + instructions: Feature requests, improvements to existing functionality, performance optimizations, refactoring suggestions, UI/UX enhancements, and any suggestions to make the project better or add new capabilities. + - label: documentation + instructions: Documentation updates, additions, corrections, or clarifications needed. This includes missing docs, outdated information, unclear instructions, API documentation, code examples, README improvements, and any requests for better explanations or guides. + planning: + enabled: true + auto_planning: + enabled: true + labels: + - "plan-me" # Auto-plan issues with this label + - "feature" # Also auto-plan these + - "!no-plan" # Never auto-plan issues with this label + +reviews: + profile: assertive # Options: chill (focuses on significant issues, less nitpicky about style), assertive (more thorough, flags style issues and minor improvements too) + + auto_review: + # Automatically trigger reviews when PRs are opened or updated + enabled: true + # Skip auto-review if PR title contains these keywords + ignore_title_keywords: + - "WIP" + # Don't auto-review draft PRs + drafts: false + # Only auto-review PRs targeting these branches + base_branches: + - main + - develop + + # Include a high-level summary at the start of each review + high_level_summary: true + + # Generate sequence diagrams for complex code flows + sequence_diagrams: true + + # Include poems in reviews + poem: true + + # Show review completion status + review_status: true + + # Keep the walkthrough section expanded by default + collapse_walkthrough: false + + # Include summary of all changed files + changed_files_summary: true + + # Automatically request changes on the PR (just leave comments) + request_changes_workflow: true + + # Pre-merge checks to enforce before merging PRs + pre_merge_checks: + description: + # Validate that PR has a proper description + mode: warning # Options: off, warning, error + docstrings: + # Disable docstring coverage checks (let's assume we don't need them) + mode: off + + # Exclude these paths from reviews (build artifacts and dependencies) + path_filters: + - "!**/node_modules/**" # npm dependencies + - "!**/android/**" # Native Android build files + - "!**/ios/**" # Native iOS build files + - "!**/.expo/**" # Expo build cache + - "!**/.expo-shared/**" # Expo shared config + - "!**/dist/**" # Build output + + # Use the following tools when reviewing + tools: + shellcheck: + enabled: true + ruff: + enabled: true + markdownlint: + enabled: true + github-checks: + enabled: true + timeout_ms: 90000 + languagetool: + enabled: true + enabled_only: false + level: default + biome: + enabled: true + hadolint: + enabled: true + swiftlint: + enabled: true + phpstan: + enabled: true + level: default + golangci-lint: + enabled: true + yamllint: + enabled: true + gitleaks: + enabled: true + checkov: + enabled: true + detekt: + enabled: true + eslint: + enabled: true + + # Apply the following labels to PRs + labeling_instructions: + - label: Python Lang + instructions: Apply when the PR/MR contains changes to python source-code + - label: Solidity Lang + instructions: Apply when the PR/MR contains changes to solidity source-code + - label: Typescript Lang + instructions: Apply when the PR/MR contains changes to javascript or typescript source-code + - label: Ergoscript Lang + instructions: Apply when the PR/MR contains changes to ergoscript source-code + - label: Bash Lang + instructions: >- + Apply when the PR/MR contains changes to shell-scripts or BASH code + snippets + - label: Make Lang + instructions: >- + Apply when the PR/MR contains changes to the file `Makefile` or makefile + code snippets + - label: Documentation + instructions: >- + Apply whenever project documentation (namely markdown source-code) is + updated by the PR/MR + - label: Linter + instructions: >- + Apply when the purpose of the PR/MR is related to fixing the feedback + from a linter + + # Review instructions that apply to all files + instructions: >- + - Verify that documentation and comments are free of spelling mistakes + - Ensure that test code is automated, comprehensive, and follows testing best practices + - Verify that all critical functionality is covered by tests + - Confirm that the code meets the project's requirements and objectives + - Confirm that copyright years are up-to date whenever a file is changed + - Point out redundant obvious comments that do not add clarity to the code + - Ensure that comments are concise and suggest more concise comment statements if possible + - Discourage usage of verbose comment styles such as NatSpec + - Look for code duplication + - Suggest code completions when: + - seeing a TODO comment + - seeing a FIXME comment + + # Custom review instructions for specific file patterns + path_instructions: + # TypeScript/JavaScript files + - path: "**/*.{ts,tsx,js,jsx}" + instructions: | + NextJS: + - Ensure that "use client" is being used + - Ensure that only features that allow pure client-side rendering are used + - NextJS best practices (including file structure, API routes, and static generation methods) are used. + + TypeScript: + - Avoid 'any', use explicit types + - Prefer 'import type' for type imports + - Review for significant deviations from Google JavaScript style guide. Minor style issues are not a priority + - The code adheres to best practices associated with React + - The code adheres to best practices associated with React PWA + - The code adheres to best practices associated with SPA + - The code adheres to best practices recommended by lighthouse or similar tools for performance + - The code adheres to best practices associated with Node.js + - The code adheres to best practices recommended for performance + + Security: + - No exposed API keys or sensitive data + - Use expo-secure-store for sensitive storage + - Validate deep linking configurations + - Check for common security vulnerabilities such as: + - SQL Injection + - XSS (Cross-Site Scripting) + - CSRF (Cross-Site Request Forgery) + - Insecure dependencies + - Sensitive data exposure + + Internationalization: + - User-visible strings should be externalized to resource files (i18n) + + # HTML files + - path: "**/*.html" + instructions: | + Review the HTML code against the google html style guide and point out any mismatches. Ensure that: + - The code adheres to best practices recommended by lighthouse or similar tools for performance + + # CSS files + - path: "**/*.css" + instructions: | + Review the CSS code against the google css style guide and point out any mismatches. Ensure that: + - The code adheres to best practices associated with CSS. + - The code adheres to best practices recommended by lighthouse or similar tools for performance. + - The code adheres to similar naming conventions for classes, ids. + + # Python files + - path: "**/*.{py}" + instructions: | + Python: + - Check for major PEP 8 violations and Python best practices. + + # Solidity Smart Contract files + - path: "**/*.sol" + instructions: | + Solidity: + - Review the Solidity contracts for security vulnerabilities and adherence to best practices. + - Ensure immutability is used appropriately (e.g., `immutable` and `constant` where applicable). + - Ensure there are no unbounded loops that could lead to gas exhaustion. + - Verify correct and explicit visibility modifiers for all state variables and functions. + - Flag variables that are declared but used only once or are unnecessary. + - Identify potential gas optimization opportunities without compromising readability or security. + - Verify that any modification to contract logic includes corresponding updates to automated tests. + - Ensure failure paths and revert scenarios are explicitly handled and validated. + - Validate proper access control enforcement (e.g., Ownable, RBAC, role checks). + - Ensure consistent and correct event emission for all state-changing operations. + - Confirm architectural consistency with existing contracts (no unintended storage layout changes unless clearly documented). + - Flag major feature additions or architectural changes that were implemented without prior design discussion (if applicable). + - Flag pull requests that mix unrelated changes or multiple concerns in a single submission. + - Ensure security-sensitive logic changes are not introduced without adequate test coverage. + - Review for common smart contract vulnerabilities, including but not limited to: + - Reentrancy + - Improper input validation + - Access control bypass + - Integer overflows/underflows (if using unchecked blocks) + - Front-running risks where applicable + + + # Javascript/Typescript test files + - path: "**/*.test.{ts,tsx,js,jsx}" + instructions: | + Review test files for: + - Comprehensive coverage of component behavior + - Proper use of @testing-library/react-native + - Async behavior is properly tested + - Accessibility testing is included + - Test descriptions are sufficiently detailed to clarify the purpose of each test + - The tests are not tautological + + # Solidity test files + - path: "**/*.test.{sol}" + instructions: | + Review test files for: + - Comprehensive coverage of contract behavior. + - Coverage of success paths, edge cases, and failure/revert scenarios. + - Proper validation of access control restrictions. + - Verification of event emissions where applicable. + - Explicit validation of state changes after each relevant function call. + - Adequate test updates whenever contract logic is modified. + - Deterministic behavior (tests should not rely on implicit execution order or shared mutable state). + - Clear and descriptive test names that reflect the intended behavior being validated. + + + # Asset files (images, fonts, etc.) + - path: "assets/**/*" + instructions: | + Review asset files for: + - Image optimization (appropriate size and format) + - Proper @2x and @3x variants for different screen densities + - SVG assets are optimized + - Font files are licensed and optimized