-
Notifications
You must be signed in to change notification settings - Fork 58
Expand file tree
/
Copy path.coderabbit.yml
More file actions
420 lines (384 loc) · 14.6 KB
/
.coderabbit.yml
File metadata and controls
420 lines (384 loc) · 14.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
# Knight Hacks — Forge Monorepo
# Last Updated: 2026-02-07
# ── General Settings ────────────────────────────────────────────────────
language: "en-US"
early_access: true
enable_free_tier: true
# Max 250 chars — kept tight
tone_instructions: >
Be concise, educational, and actionable. Show code fixes. Explain the "why."
Developers range from beginners to experienced. Reference CONTRIBUTING.md
conventions when relevant. Be constructive, not critical.
# ── Reviews ─────────────────────────────────────────────────────────────
reviews:
profile: "chill"
request_changes_workflow: true
# Summary & walkthrough
high_level_summary: true
high_level_summary_placeholder: "@coderabbitai summary"
high_level_summary_in_walkthrough: false
collapse_walkthrough: true
sequence_diagrams: true
changed_files_summary: true
estimate_code_review_effort: true
# PR title
auto_title_instructions: >
Format: "[#ISSUE] <description>". Keep under 72 chars.
Example: "[#42] Add member registration endpoint"
# Context & status
assess_linked_issues: true
related_issues: true
related_prs: true
review_status: true
review_details: false
commit_status: true
fail_commit_status: false
abort_on_close: true
disable_cache: false
# Labels
suggested_labels: true
auto_apply_labels: false
labeling_instructions:
# App labels
- label: "Blade"
instructions: "Apply when PR changes files in apps/blade/**"
- label: "Guild"
instructions: "Apply when PR changes files in apps/guild/**"
- label: "CRON"
instructions: "Apply when PR changes files in apps/cron/**"
- label: "T.K"
instructions: "Apply when PR changes files in apps/tk/**"
- label: "Hack Sites"
instructions: "Apply when PR changes files in a hackathon app (e.g. apps/2025/**, or similar year-based app directories)"
# Package labels
- label: "API"
instructions: "Apply when PR changes files in packages/api/** (tRPC routers, procedures)"
- label: "Constants"
instructions: "Apply when PR changes files in packages/consts/** (constants)"
- label: "UI"
instructions: "Apply when PR changes files in packages/ui/** (shared component library)"
- label: "Database"
instructions: "Apply when PR changes files in packages/db/** (schemas, migrations, queries)"
# Type labels
- label: "Bug"
instructions: "Apply when PR fixes a bug or corrects broken behavior"
- label: "Feature"
instructions: "Apply when PR adds new functionality or capabilities"
- label: "Documentation"
instructions: "Apply when PR primarily changes .md files, JSDoc, or comments"
# Size labels
- label: "Major"
instructions: "Apply when PR touches 3+ packages/apps, changes shared APIs, or modifies database schemas. These need 2+ reviewers."
- label: "Minor"
instructions: "Apply when PR is a small, focused change in a single package/app. 1 reviewer sufficient."
# Workflow labels (CodeRabbit should suggest but not typically apply these)
- label: "Duplicate"
instructions: "Apply only if this PR clearly duplicates another open PR solving the same issue"
- label: "Help Wanted"
instructions: "Do not auto-suggest this label — it is manually applied to issues needing assignment"
- label: "Onboarding"
instructions: "Do not auto-suggest this label — it is manually applied to good first issues"
# Reviewers
suggested_reviewers: true
auto_assign_reviewers: false
# Misc
enable_prompt_for_ai_agents: true
poem: false
in_progress_fortune: false
# ── Path Filters ──────────────────────────────────────────────────────
path_filters:
- "!**/node_modules/**"
- "!**/dist/**"
- "!**/build/**"
- "!**/.next/**"
- "!**/.turbo/**"
- "!**/.cache/**"
- "!**/coverage/**"
- "!pnpm-lock.yaml"
- "!**/*.generated.*"
- "!**/*.min.js"
- "!**/*.min.css"
# ── Path Instructions ─────────────────────────────────────────────────
path_instructions:
# Shared Packages
- path: "packages/api/**"
instructions: |
Shared tRPC API layer used by all apps. Pay special attention to:
- Breaking changes to router signatures (affects all consumers)
- Zod schema validation on all inputs
- Authorization checks in every procedure
- Error handling with user-facing messages
- Database transaction handling
- Integration points (Stripe, Discord, MinIO, PassKit)
- No N+1 query patterns
- path: "packages/db/**"
instructions: |
Database layer with Drizzle ORM + PostgreSQL. Critical checks:
- Schema changes must have a migration path (no db:push to production)
- Backwards compatibility or documented breaking changes
- Indexes on frequently queried columns
- Foreign key constraints and referential integrity
- No raw SQL with string interpolation (use parameterized queries)
- Flag any DROP/DELETE operations prominently
- path: "packages/auth/**"
instructions: |
Authentication via Better Auth. Security-critical:
- Session management and token handling
- Authorization logic and permission checks
- No hardcoded secrets — must use validated env imports
- CSRF protection
- OAuth integration security
- path: "packages/ui/**"
instructions: |
Shared shadcn/ui component library. Focus on:
- Accessibility (ARIA labels, keyboard nav, focus management)
- TypeScript prop types and generics
- Responsive design and mobile support
- Use cn() utility for Tailwind class merging
- Component composition patterns
- path: "packages/validators/**"
instructions: |
Zod validation schemas shared across API and forms. Ensure:
- Comprehensive validation rules with clear error messages
- Reusability across server and client
- Correct type inference (z.infer usage)
- path: "packages/email/**"
instructions: |
Email templates and sending logic. Check:
- Template rendering with proper escaping
- Error handling for send failures
- No hardcoded URLs (use env variables)
- path: "packages/consts/**"
instructions: |
Shared constants used across all apps and packages. Changes here affect the entire monorepo. Check:
- All constant names follow SCREAMING_SNAKE_CASE convention
- Values are intentional and well-documented (Discord IDs, API endpoints, role IDs, etc.)
- URLs and external API endpoints are correct and won't break integrations
- Type definitions are properly exported and used
- Constants do not contain sensitive data
- PROD and DEV constants are prefixed accordingly
- Exported values have valid reason to be shared repository wide
# Applications
- path: "apps/blade/**"
instructions: |
Main app with admin, dashboard, hacker/member/judge portals. Check:
- Proper use of server vs client components ('use client' / 'use server')
- No secrets or API keys in client-side code
- Next.js App Router patterns (layouts, loading, error boundaries)
- Form validation on both client and server
- Payment flows (Stripe) must be thoroughly reviewed
- File uploads (resumes, QR codes) need proper validation
- Role-based access control enforcement
- Accessibility (alt text, ARIA, semantic HTML)
- path: "apps/cron/**"
instructions: |
Scheduled tasks service with Discord integration. Check:
- Cron schedules are clearly documented
- Error handling with retry logic
- Discord webhook failures should not crash the service
- Image processing edge cases handled
- Proper logging for debugging
- path: "apps/tk/**"
instructions: |
Discord bot service. Check:
- Command handlers validate input
- Rate limiting to prevent abuse
- Graceful error handling with user-friendly messages
- Discord API version compatibility
# Tooling & Config
- path: "tooling/**"
instructions: |
Shared ESLint, Prettier, TypeScript, and Tailwind configs.
Changes affect the entire monorepo — flag breaking changes prominently.
Verify changes don't break: pnpm lint, pnpm format, pnpm typecheck.
- path: "**/*.config.*"
instructions: |
Build tool and linter config files. Verify changes don't break CI.
Test locally before merging. Consider DX impact.
- path: ".github/**"
instructions: |
GitHub workflows, templates, and settings.
Test workflow changes in a fork or draft PR first.
Maintain CI performance (parallel jobs, caching).
- path: "**/*.test.*"
instructions: |
Test files. Check for meaningful descriptions, proper assertions,
and no skipped tests without explanation.
# ── Auto Review ───────────────────────────────────────────────────────
auto_review:
enabled: true
auto_incremental_review: true
drafts: false
ignore_title_keywords:
- "WIP"
- "DO NOT MERGE"
- "DO NOT REVIEW"
- "wip"
base_branches: []
# ── Finishing Touches ─────────────────────────────────────────────────
finishing_touches:
docstrings:
enabled: true
unit_tests:
enabled: true
# ── Pre-Merge Checks ─────────────────────────────────────────────────
pre_merge_checks:
title:
mode: "warning"
requirements: >
Must start with an issue number in brackets, e.g. "[#123]".
Followed by a concise description. Keep under 72 chars.
Example: "[#42] Add member registration endpoint"
description:
mode: "warning"
custom_checks:
- name: "No hardcoded secrets"
mode: "error"
instructions: >
Fail if any file contains hardcoded API keys, passwords, tokens,
or secrets as string literals (except in .env.example files or
config files referencing env variables). Look for patterns like
api_key = "sk-...", password = "...", token: "ghp_...".
- name: "Validated env access"
mode: "warning"
instructions: >
Flag any direct usage of process.env outside of env.ts config
files and *.config.* files. The codebase uses validated env
imports (import { env } from "~/env") instead of raw
process.env access.
- name: "No TypeScript escape hatches"
mode: "warning"
instructions: >
Flag usage of 'any' type, @ts-ignore, @ts-expect-error, and
non-null assertions (!.) — suggest 'unknown' with type guards,
optional chaining (?.), or proper typing instead.
# ── Tools ─────────────────────────────────────────────────────────────
tools:
shellcheck:
enabled: true
markdownlint:
enabled: true
gitleaks:
enabled: true
hadolint:
enabled: true
actionlint:
enabled: true
yamllint:
enabled: true
languagetool:
enabled: true
enabled_only: false
level: "default"
biome:
enabled: false
ast-grep:
essential_rules: true
eslint:
enabled: true
# Disabled — not used in this repo
ruff:
enabled: false
phpstan:
enabled: false
phpmd:
enabled: false
phpcs:
enabled: false
golangci-lint:
enabled: false
swiftlint:
enabled: false
detekt:
enabled: false
flake8:
enabled: false
pylint:
enabled: false
rubocop:
enabled: false
clippy:
enabled: false
pmd:
enabled: false
clang:
enabled: false
cppcheck:
enabled: false
buf:
enabled: false
regal:
enabled: false
checkov:
enabled: false
tflint:
enabled: false
circleci:
enabled: false
sqlfluff:
enabled: false
prismaLint:
enabled: false
fortitudeLint:
enabled: false
semgrep:
enabled: false
shopifyThemeCheck:
enabled: false
luacheck:
enabled: false
brakeman:
enabled: false
dotenvLint:
enabled: true
htmlhint:
enabled: false
checkmake:
enabled: false
osvScanner:
enabled: true
blinter:
enabled: false
oxc:
enabled: false
trivy:
enabled: false
# ── Chat ──────────────────────────────────────────────────────────────
chat:
auto_reply: true
art: false
# ── Knowledge Base ────────────────────────────────────────────────────
knowledge_base:
opt_out: false
web_search:
enabled: true
code_guidelines:
enabled: true
filePatterns: []
learnings:
scope: "auto"
issues:
scope: "auto"
pull_requests:
scope: "auto"
# ── Code Generation ──────────────────────────────────────────────────
code_generation:
docstrings:
language: "en-US"
path_instructions: []
unit_tests:
path_instructions: []
# ── Issue Enrichment ─────────────────────────────────────────────────
issue_enrichment:
auto_enrich:
enabled: true
planning:
enabled: true
auto_planning:
enabled: true
labels:
- "Feature"
- "Bug"
- "Help Wanted"
- "Onboarding"