chore: add org-canonical .coderabbit.yaml

[27Bslash6]

CodeRabbit reads .coderabbit.yaml only from each repo's own root — the file at cachekit-io/.github/.coderabbit.yaml is not honored despite the GitHub convention working for CODEOWNERS / PR templates / Dependabot.

This PR adds the org-canonical CodeRabbit configuration to this repo so it takes effect:

• assertive review profile + path-specific instructions (Rust FFI safety, Python ruff/pydantic, TS strict mode, encryption-code AAD/key checks, workflow SHA-pinning, Dockerfile hygiene)
• request_changes_workflow: true (enables @coderabbitai approve / @coderabbitai resolve commands and auto-approve when comments are resolved)
• tools enabled: shellcheck, actionlint, gitleaks, ruff, yamllint, hadolint, biome, eslint

Source of truth: cachekit-io/.github/.coderabbit.yaml. Keep this file in sync when the canonical version updates.

Summary by CodeRabbit

• Chores
  • Added configuration to enable automated code review tooling and path-aware review rules.
  • Set review behaviour defaults and language to en-AU for reviews and summaries.
  • Enabled a set of static-analysis linters and checks to run automatically.
  • Turned on chat auto-reply to streamline review interactions.

[coderabbitai]

Walkthrough

A new .coderabbit.yaml configuration file is added. It establishes CodeRabbit settings for review behaviour (assertive profile, workflow mode, summary display), enables automated review with path-specific instruction rules for various file types (Rust, Python, TypeScript, encryption, workflows, Dockerfiles), and integrates multiple analysis tools (linting, security scanning, CI validation), plus chat.auto_reply.

Changes

CodeRabbit Configuration Setup

Layer / File(s)	Summary
Configuration schema and review settings .coderabbit.yaml	Sets CodeRabbit schema reference and top-level config: language: "en-AU", early_access: false, and review behaviour (assertive profile, request-changes workflow, high-level summaries, poem/review-status/collapsing toggles).
Auto-review path-specific instructions .coderabbit.yaml	Enables auto_review and adds path_instructions for **/*.rs, **/*.py, **/*.ts, **/encryption/**, .github/workflows/**, and **/Dockerfile* with per-path review requirements.
Automated tools and chat .coderabbit.yaml	Enables analysis tools: shellcheck, actionlint, gitleaks, ruff, yamllint, hadolint, biome, eslint, and enables chat.auto_reply.

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the primary change: adding a CodeRabbit configuration file to the repository root.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/add-coderabbit-yaml

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[27Bslash6]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[27Bslash6]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.coderabbit.yaml:
- Line 44: The glob pattern "**/Dockerfile*" may miss a root-level Dockerfile;
update the path entry that currently equals "**/Dockerfile*" to include the
repository root by adding a separate pattern such as "Dockerfile*" (or use a
brace/list like "{Dockerfile*,**/Dockerfile*}") so the .coderabbit.yaml path key
will match both root and nested Dockerfile names.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: e24fc40a-30c7-465c-b594-1c0c370e22f4

📥 Commits

Reviewing files that changed from the base of the PR and between c94eab5 and ef171aa.

📒 Files selected for processing (1)

• .coderabbit.yaml

[27Bslash6]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[27Bslash6]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

♻️ Duplicate comments (1)

.coderabbit.yaml (1)

48-48: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Broaden Dockerfile path matching to include repository root.

Line 48 uses only "**/Dockerfile*", which may miss a root-level Dockerfile in some glob engines. Add an explicit root pattern.

Suggested patch

-    - path: "**/Dockerfile*"
+    - path: "Dockerfile*"
+    - path: "**/Dockerfile*"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.coderabbit.yaml at line 48, The glob pattern "**/Dockerfile*" may miss a
root-level Dockerfile; update the path list in .coderabbit.yaml to include an
explicit root pattern (for example add "Dockerfile" or "./Dockerfile" alongside
the existing "**/Dockerfile*") so both repository-root and nested Dockerfiles
are matched; edit the value referenced as the path pattern ("**/Dockerfile*") to
add the root-level entry.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In @.coderabbit.yaml:
- Line 48: The glob pattern "**/Dockerfile*" may miss a root-level Dockerfile;
update the path list in .coderabbit.yaml to include an explicit root pattern
(for example add "Dockerfile" or "./Dockerfile" alongside the existing
"**/Dockerfile*") so both repository-root and nested Dockerfiles are matched;
edit the value referenced as the path pattern ("**/Dockerfile*") to add the
root-level entry.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 407e0404-3c85-4060-8827-36d2d9424c59

📥 Commits

Reviewing files that changed from the base of the PR and between c94eab5 and c5ccfa7.

📒 Files selected for processing (1)

• .coderabbit.yaml