.coderabbit.yaml
68 lines (63 loc) · 2.26 KB
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
language: "en-AU"
early_access: false
reviews:
  profile: "assertive"
  request_changes_workflow: true
  high_level_summary: true
  poem: false
  review_status: true
  collapse_walkthrough: false
  auto_review:
    enabled: true
    drafts: false
  path_instructions:
    - path: "**/*.rs"
      instructions: |
        Rust code. Check for unsafe blocks, unwrap abuse, missing error propagation,
        and clippy-level issues. Prefer Result over panic. Pay special attention to
        FFI boundaries (NAPI, PyO3) — verify buffer lengths, null checks, and that
        keys/secrets are zeroized on drop.
    - path: "**/*.py"
      instructions: |
        Python code. Enforce ruff compatibility, type hints on public APIs,
        guard clauses over nesting. No bare except clauses. Secrets must use
        pydantic SecretStr. Config via pydantic-settings only.
    - path: "**/*.ts"
      instructions: |
        TypeScript code. Strict mode, no `any` types on public APIs.
        Verify async error handling — no unhandled promise rejections.
        Check that NAPI bindings match Rust function signatures exactly.
    - path: "**/encryption/**"
      instructions: |
        Security-critical encryption code. Verify AAD v0x03 format compliance,
        key length validation (exactly 32 bytes), nonce uniqueness, and that
        keys never leak into error messages or logs. Cross-reference with
        protocol spec at https://github.com/cachekit-io/protocol.
    - path: ".github/workflows/**"
      instructions: |
        GitHub Actions workflows. All actions MUST be pinned to full 40-char SHA
        with a version comment (e.g., `@a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0` # v6). Never use tag refs.
    - path: "**/Dockerfile*"
      instructions: |
        Dockerfiles. Check for missing cleanup (rm -rf /var/lib/apt/lists/*),
        unnecessary layers, running as root, and unpinned base images.
  tools:
    shellcheck:
      enabled: true
    actionlint:
      enabled: true
    gitleaks:
      enabled: true
    ruff:
      enabled: true
    yamllint:
      enabled: true
    hadolint:
      enabled: true
    biome:
      enabled: true
    eslint:
      enabled: true
chat:
  auto_reply: true
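
The `.github/workflows/**` instruction above, as an added example that is not part of this repository: a Python check that flags `uses:` references not pinned to a full 40-character SHA with a version comment. The sample workflow, the `example-org` action names, the skipping of local and `docker://` references, and the rule that a version comment starts with `v<digits>` are assumptions; the SHA is the placeholder from the config.

```python
import re

# `uses:` step key, optional list dash, optional trailing "# comment".
USES_RE = re.compile(
    r"^\s*(?:-\s+)?uses:\s*(?P<ref>[^\s#]+)(?:\s+#\s*(?P<comment>\S.*?))?\s*$"
)
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")
# Assumption: a "version comment" starts with v<digits>, as in the config's "# v6".
VERSION_RE = re.compile(r"v\d+(\.\d+)*")

NOT_SHA = "ref is not a full 40-char commit SHA"
NO_REF = "no @ref at all"
NO_VERSION = "SHA pin has no version comment"

# Constructed sample workflow; action names are hypothetical.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout@a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0 # v6
      - uses: example-org/setup@v5
      - uses: example-org/deploy@main
      - uses: example-org/deploy@a1b2c3d
      - uses: example-org/lint@a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0
      - uses: ./.github/actions/local
"""

def check_workflow(text):
    """Return (line_no, ref, problem) for each `uses:` that breaks the pin rule."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref").strip("'\"")
        # Assumption: local actions and docker:// images are out of scope here.
        if ref.startswith(("./", "docker://")):
            continue
        _, sep, rev = ref.rpartition("@")
        if not sep:
            findings.append((line_no, ref, NO_REF))
        elif not FULL_SHA_RE.fullmatch(rev):
            findings.append((line_no, ref, NOT_SHA))  # tag, branch or short SHA
        elif not VERSION_RE.match(m.group("comment") or ""):
            findings.append((line_no, ref, NO_VERSION))
    return findings

if __name__ == "__main__":
    for line_no, ref, problem in check_workflow(SAMPLE):
        print(f"line {line_no}: {ref}: {problem}")
```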