|
| 1 | +# Enables IDE autocompletion for this config file |
| 2 | +# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json |
| 3 | + |
| 4 | +# Language for CodeRabbit's review comments |
| 5 | +language: en |
| 6 | + |
| 7 | +# Enable experimental features (currently not using any specific early_access features) |
| 8 | +early_access: true |
| 9 | + |
| 10 | +chat: |
| 11 | + # CodeRabbit will automatically respond to @coderabbitai mentions in PR comments |
| 12 | + auto_reply: true |
| 13 | + |
| 14 | +reviews: |
| 15 | + profile: assertive # Options: chill (focuses on significant issues, less nitpicky about style), assertive (more thorough, flags style issues and minor improvements too) |
| 16 | + |
| 17 | + auto_review: |
| 18 | + # Automatically trigger reviews when PRs are opened or updated |
| 19 | + enabled: true |
| 20 | + # Skip auto-review if PR title contains these keywords |
| 21 | + ignore_title_keywords: |
| 22 | + - "WIP" |
| 23 | + # Don't auto-review draft PRs |
| 24 | + drafts: false |
| 25 | + # Only auto-review PRs targeting these branches |
| 26 | + base_branches: |
| 27 | + - main |
| 28 | + - develop |
| 29 | + |
| 30 | + # Include a high-level summary at the start of each review |
| 31 | + high_level_summary: true |
| 32 | + |
| 33 | + # Generate sequence diagrams for complex code flows |
| 34 | + sequence_diagrams: true |
| 35 | + |
| 36 | + # Include poems in reviews |
| 37 | + poem: true |
| 38 | + |
| 39 | + # Show review completion status |
| 40 | + review_status: true |
| 41 | + |
| 42 | + # Keep the walkthrough section expanded by default |
| 43 | + collapse_walkthrough: false |
| 44 | + |
| 45 | + # Include summary of all changed files |
| 46 | + changed_files_summary: true |
| 47 | + |
| 48 | + # Automatically request changes on the PR (just leave comments) |
| 49 | + request_changes_workflow: true |
| 50 | + |
| 51 | + # Pre-merge checks to enforce before merging PRs |
| 52 | + pre_merge_checks: |
| 53 | + description: |
| 54 | + # Validate that PR has a proper description |
| 55 | + mode: warning # Options: off, warning, error |
| 56 | + docstrings: |
| 57 | + # Disable docstring coverage checks (let's assume we don't need them) |
| 58 | + mode: off |
| 59 | + |
| 60 | + # Exclude these paths from reviews (build artifacts and dependencies) |
| 61 | + path_filters: |
| 62 | + - "!**/node_modules/**" # npm dependencies |
| 63 | + - "!**/android/**" # Native Android build files |
| 64 | + - "!**/ios/**" # Native iOS build files |
| 65 | + - "!**/.expo/**" # Expo build cache |
| 66 | + - "!**/.expo-shared/**" # Expo shared config |
| 67 | + - "!**/dist/**" # Build output |
| 68 | + |
| 69 | + # Use the following tools when reviewing |
| 70 | + tools: |
| 71 | + shellcheck: |
| 72 | + enabled: true |
| 73 | + ruff: |
| 74 | + enabled: true |
| 75 | + markdownlint: |
| 76 | + enabled: true |
| 77 | + github-checks: |
| 78 | + enabled: true |
| 79 | + timeout_ms: 90000 |
| 80 | + languagetool: |
| 81 | + enabled: true |
| 82 | + enabled_only: false |
| 83 | + level: default |
| 84 | + biome: |
| 85 | + enabled: true |
| 86 | + hadolint: |
| 87 | + enabled: true |
| 88 | + swiftlint: |
| 89 | + enabled: true |
| 90 | + phpstan: |
| 91 | + enabled: true |
| 92 | + level: default |
| 93 | + golangci-lint: |
| 94 | + enabled: true |
| 95 | + yamllint: |
| 96 | + enabled: true |
| 97 | + gitleaks: |
| 98 | + enabled: true |
| 99 | + checkov: |
| 100 | + enabled: true |
| 101 | + detekt: |
| 102 | + enabled: true |
| 103 | + eslint: |
| 104 | + enabled: true |
| 105 | + |
| 106 | + # Apply the following labels to PRs |
| 107 | + labeling_instructions: |
| 108 | + - label: Python Lang |
| 109 | + instructions: Apply when the PR/MR contains changes to python source-code |
| 110 | + - label: Solidity Lang |
| 111 | + instructions: Apply when the PR/MR contains changes to solidity source-code |
| 112 | + - label: Typescript Lang |
| 113 | + instructions: Apply when the PR/MR contains changes to javascript or typescript source-code |
| 114 | + - label: Ergoscript Lang |
| 115 | + instructions: Apply when the PR/MR contains changes to ergoscript source-code |
| 116 | + - label: Bash Lang |
| 117 | + instructions: >- |
| 118 | + Apply when the PR/MR contains changes to shell-scripts or BASH code |
| 119 | + snippets |
| 120 | + - label: Make Lang |
| 121 | + instructions: >- |
| 122 | + Apply when the PR/MR contains changes to the file `Makefile` or makefile |
| 123 | + code snippets |
| 124 | + - label: Documentation |
| 125 | + instructions: >- |
| 126 | + Apply whenever project documentation (namely markdown source-code) is |
| 127 | + updated by the PR/MR |
| 128 | + - label: Linter |
| 129 | + instructions: >- |
| 130 | + Apply when the purpose of the PR/MR is related to fixing the feedback |
| 131 | + from a linter |
| 132 | +
|
| 133 | + # Review instructions that apply to all files |
| 134 | + instructions: >- |
| 135 | + - Verify that documentation and comments are free of spelling mistakes |
| 136 | + - Ensure that test code is automated, comprehensive, and follows testing best practices |
| 137 | + - Verify that all critical functionality is covered by tests |
| 138 | + - Confirm that the code meets the project's requirements and objectives |
| 139 | + - Confirm that copyright years are up-to date whenever a file is changed |
| 140 | + - Point out redundant obvious comments that do not add clarity to the code |
| 141 | + - Look for code duplication |
| 142 | + - Suggest code completions when: |
| 143 | + - seeing a TODO comment |
| 144 | + - seeing a FIXME comment |
| 145 | +
|
| 146 | + # Custom review instructions for specific file patterns |
| 147 | + path_instructions: |
| 148 | + # TypeScript/JavaScript files |
| 149 | + - path: "**/*.{ts,tsx,js,jsx}" |
| 150 | + instructions: | |
| 151 | + NextJS: |
| 152 | + - Ensure that "use client" is being used |
| 153 | + - Ensure that only features that allow pure client-side rendering are used |
| 154 | + - NextJS best practices (including file structure, API routes, and static generation methods) are used. |
| 155 | + |
| 156 | + TypeScript: |
| 157 | + - Avoid 'any', use explicit types |
| 158 | + - Prefer 'import type' for type imports |
| 159 | + - Review for significant deviations from Google JavaScript style guide. Minor style issues are not a priority |
| 160 | + - The code adheres to best practices associated with React |
| 161 | + - The code adheres to best practices associated with React PWA |
| 162 | + - The code adheres to best practices associated with SPA |
| 163 | + - The code adheres to best practices recommended by lighthouse or similar tools for performance |
| 164 | + - The code adheres to best practices associated with Node.js |
| 165 | + - The code adheres to best practices recommended for performance |
| 166 | +
|
| 167 | + Security: |
| 168 | + - No exposed API keys or sensitive data |
| 169 | + - Use expo-secure-store for sensitive storage |
| 170 | + - Validate deep linking configurations |
| 171 | + - Check for common security vulnerabilities such as: |
| 172 | + - SQL Injection |
| 173 | + - XSS (Cross-Site Scripting) |
| 174 | + - CSRF (Cross-Site Request Forgery) |
| 175 | + - Insecure dependencies |
| 176 | + - Sensitive data exposure |
| 177 | +
|
| 178 | + Internationalization: |
| 179 | + - User-visible strings should be externalized to resource files (i18n) |
| 180 | +
|
| 181 | + # HTML files |
| 182 | + - path: "**/*.html" |
| 183 | + instructions: | |
| 184 | + Review the HTML code against the google html style guide and point out any mismatches. Ensure that: |
| 185 | + - The code adheres to best practices recommended by lighthouse or similar tools for performance |
| 186 | +
|
| 187 | + # CSS files |
| 188 | + - path: "**/*.css" |
| 189 | + instructions: | |
| 190 | + Review the CSS code against the google css style guide and point out any mismatches. Ensure that: |
| 191 | + - The code adheres to best practices associated with CSS. |
| 192 | + - The code adheres to best practices recommended by lighthouse or similar tools for performance. |
| 193 | + - The code adheres to similar naming conventions for classes, ids. |
| 194 | +
|
| 195 | + # Python files |
| 196 | + - path: "**/*.{py}" |
| 197 | + instructions: | |
| 198 | + Python: |
| 199 | + - Check for major PEP 8 violations and Python best practices. |
| 200 | +
|
| 201 | + # Solidity Smart Contract files |
| 202 | + - path: "**/*.sol" |
| 203 | + instructions: | |
| 204 | + Solidity: |
| 205 | + - Review the Solidity contracts for security vulnerabilities and adherence to best practices. |
| 206 | + - Ensure immutability is used appropriately (e.g., `immutable` and `constant` where applicable). |
| 207 | + - Ensure there are no unbounded loops that could lead to gas exhaustion. |
| 208 | + - Verify correct and explicit visibility modifiers for all state variables and functions. |
| 209 | + - Flag variables that are declared but used only once or are unnecessary. |
| 210 | + - Identify potential gas optimization opportunities without compromising readability or security. |
| 211 | + - Verify that any modification to contract logic includes corresponding updates to automated tests. |
| 212 | + - Ensure failure paths and revert scenarios are explicitly handled and validated. |
| 213 | + - Validate proper access control enforcement (e.g., Ownable, RBAC, role checks). |
| 214 | + - Ensure consistent and correct event emission for all state-changing operations. |
| 215 | + - Confirm architectural consistency with existing contracts (no unintended storage layout changes unless clearly documented). |
| 216 | + - Flag major feature additions or architectural changes that were implemented without prior design discussion (if applicable). |
| 217 | + - Flag pull requests that mix unrelated changes or multiple concerns in a single submission. |
| 218 | + - Ensure security-sensitive logic changes are not introduced without adequate test coverage. |
| 219 | + - Review for common smart contract vulnerabilities, including but not limited to: |
| 220 | + - Reentrancy |
| 221 | + - Improper input validation |
| 222 | + - Access control bypass |
| 223 | + - Integer overflows/underflows (if using unchecked blocks) |
| 224 | + - Front-running risks where applicable |
| 225 | +
|
| 226 | +
|
| 227 | + # Javascript/Typescript test files |
| 228 | + - path: "**/*.test.{ts,tsx,js,jsx}" |
| 229 | + instructions: | |
| 230 | + Review test files for: |
| 231 | + - Comprehensive coverage of component behavior |
| 232 | + - Proper use of @testing-library/react-native |
| 233 | + - Async behavior is properly tested |
| 234 | + - Accessibility testing is included |
| 235 | + - Test descriptions are sufficiently detailed to clarify the purpose of each test |
| 236 | + - The tests are not tautological |
| 237 | +
|
| 238 | + # Solidity test files |
| 239 | + - path: "**/*.test.{sol}" |
| 240 | + instructions: | |
| 241 | + Review test files for: |
| 242 | + - Comprehensive coverage of contract behavior. |
| 243 | + - Coverage of success paths, edge cases, and failure/revert scenarios. |
| 244 | + - Proper validation of access control restrictions. |
| 245 | + - Verification of event emissions where applicable. |
| 246 | + - Explicit validation of state changes after each relevant function call. |
| 247 | + - Adequate test updates whenever contract logic is modified. |
| 248 | + - Deterministic behavior (tests should not rely on implicit execution order or shared mutable state). |
| 249 | + - Clear and descriptive test names that reflect the intended behavior being validated. |
| 250 | +
|
| 251 | +
|
| 252 | + # Asset files (images, fonts, etc.) |
| 253 | + - path: "assets/**/*" |
| 254 | + instructions: | |
| 255 | + Review asset files for: |
| 256 | + - Image optimization (appropriate size and format) |
| 257 | + - Proper @2x and @3x variants for different screen densities |
| 258 | + - SVG assets are optimized |
| 259 | + - Font files are licensed and optimized |
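Review bot: Line 58 writes `mode: off` unquoted, which a YAML 1.1 parser reads as boolean false rather than the string that the `off, warning, error` options on line 55 imply; quote it as `mode: "off"`. The globs `"**/*.{py}"` (line 196) and `"**/*.test.{sol}"` (line 239) use a single-item brace group, which minimatch-style expansion leaves literal, so those instruction blocks probably never match; `"**/*.py"` and `"**/*.test.sol"` would. The `path_filters` entries `!**/android/**` and `!**/ios/**` also take native manifests out of review, which appears to undercut the "Validate deep linking configurations" instruction on line 170 if those settings live there. The comment on line 48 contradicts itself ("request changes" versus "just leave comments") and should state which behaviour `request_changes_workflow: true` is meant to give.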