-
Notifications
You must be signed in to change notification settings - Fork 219
Expand file tree
/
Copy path.coderabbit.yaml
More file actions
160 lines (156 loc) · 7.36 KB
/
Copy path.coderabbit.yaml
File metadata and controls
160 lines (156 loc) · 7.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
# SPDX-FileCopyrightText: Copyright (c) 2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
# Docs: https://docs.coderabbit.ai/reference/configuration
language: "en-US"
tone_instructions: "Be concise, technical, and specific. Prioritize correctness, security, API compatibility, and maintainability over style nits."
reviews:
profile: assertive
review_status: true
review_details: true
collapse_walkthrough: false
pre_merge_checks:
title:
mode: error
requirements: >-
Title must follow Conventional Commits format:
type(optional-scope)[!]: concise imperative summary
Allowed types: feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert.
Use lowercase type and scope. If the change is a breaking change, add a ! suffix before the colon.
Keep it under 72 characters and do not use a trailing period.
description:
mode: warning
issue_assessment:
mode: warning
auto_title_placeholder: "@coderabbitai"
auto_title_instructions: |
Generate the PR title using Conventional Commits format:
type(optional-scope)[!]: concise imperative summary
Allowed types: feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert.
Prefer scopes from this repository when clear:
agents, api, auth, backend, ci, deploy, deps, docs, skills, sources, tests, tokenomics, ui.
Use lowercase type and scope. If the change is a breaking change, add a ! suffix before the colon.
Keep it under 72 characters and do not use a trailing period.
auto_review:
base_branches: ["develop", "release/.*"]
enabled: true
drafts: false
auto_incremental_review: true
path_filters:
- "!**/.venv/**"
- "!**/.pytest_cache/**"
- "!**/.ruff_cache/**"
- "!**/.mypy_cache/**"
- "!**/.scannerwork/**"
- "!**/__pycache__/**"
- "!**/*.egg-info/**"
- "!**/node_modules/**"
- "!frontends/ui/.next/**"
- "!frontends/ui/coverage/**"
- "!docs/_build/**"
- "!htmlcov/**"
- "!coverage.xml"
- "!report.xml"
- "!**/junit.xml"
- "!skills/**/skill.oms.sig"
path_instructions:
- path: "src/aiq_agent/agents/**/*"
instructions: |
Review agent changes for research workflow correctness, graph state transitions, prompt/tool contracts,
HITL behavior, and failure handling. Flag changes that weaken source attribution, report generation,
async cancellation, checkpointing, or data-source selection without focused tests and docs.
- path: "{src/aiq_agent/fastapi_extensions/**,frontends/aiq_api/src/aiq_api/**}"
instructions: |
Treat API, auth, and job-runner changes as externally visible contracts. Check authorization boundaries,
request tracing, async job lifecycle, websocket reconnect behavior, error responses, and cross-user data isolation.
Require tests for route behavior, access decisions, and job state transitions when those surfaces change.
- path: "{src/aiq_agent/auth/**,frontends/aiq_api/src/aiq_api/auth/**}"
instructions: |
Review authentication changes for issuer/audience validation, token parsing, error hygiene, logging safety,
and compatibility with local and deployed modes. Do not accept changes that expose tokens, weaken validation,
or blur trusted server-side identity with client-supplied fields.
- path: "{src/aiq_agent/knowledge/**,sources/**}"
instructions: |
Review data-source and knowledge-layer changes for optional dependency boundaries, external API error handling,
retry/rate-limit behavior, deterministic tests, and registration consistency. New source packages should include
package metadata, plugin registration when applicable, and source-level tests.
- path: "src/aiq_agent/tokenomics/**/*"
instructions: |
Review tokenomics changes for deterministic accounting, pricing-data assumptions, rounding behavior, and report
compatibility. Flag pricing or aggregation changes without representative tests and clear documentation updates.
- path: "frontends/ui/**/*"
instructions: |
Review UI changes for strict TypeScript behavior, API contract alignment, auth/session handling, accessible controls,
resilient loading and error states, and report/chat state consistency. Prefer existing UI patterns and require tests
for changed user-visible workflows.
- path: "{deploy/**,configs/**}"
instructions: |
Review deployment and config changes for secret separation, safe defaults, local-vs-production behavior, Helm and
Docker portability, and documentation parity. Flag committed credentials, environment-specific NVIDIA internals in
public defaults, and changes that make examples diverge from CI-tested paths.
- path: "{skills/**,.agents/skills/**,.claude/skills/**,.github/skill-eval/**}"
instructions: |
Review Agent Skill and skill-eval changes for valid skill metadata, deterministic eval specs, safe handling of
credentials, and clear generated-output boundaries. Do not flag SKILL.md files for missing SPDX headers when the
entrypoint intentionally starts with YAML frontmatter.
- path: "{.github/**,ci/**,.pre-commit-config.yaml,pyproject.toml,uv.lock}"
instructions: |
Review automation and packaging changes for least-privilege permissions, pinned versions where appropriate,
copy-pr-bot pull-request/<N> branch behavior, reproducible uv/npm setup, secret handling, and consistency with
the documented validation matrix.
- path: "{docs/**,README.md,CONTRIBUTING.md,SECURITY.md,CODE-OF-CONDUCT.md}"
instructions: |
Review documentation for command accuracy, branch-name consistency, current CI and copy-pr-bot behavior, public
vs internal boundary clarity, stale examples, and links that no longer match the repository layout.
poem: false
sequence_diagrams: true
suggested_reviewers: false
tools:
actionlint:
enabled: true
checkov:
enabled: true
dotenvLint:
enabled: true
eslint:
enabled: true
gitleaks:
enabled: true
markdownlint:
enabled: true
osvScanner:
enabled: true
ruff:
enabled: true
semgrep:
enabled: true
shellcheck:
enabled: true
trivy:
enabled: true
yamllint:
enabled: true
zizmor:
enabled: true
auto_apply_labels: true
labeling_instructions:
- label: DO NOT MERGE
instructions: >-
Apply this label to PRs that should not be merged due to critical issues, incomplete work,
broken security boundaries, or other blocking concerns. There is no need to apply this label to draft PRs.
- label: duplicate
instructions: >-
Apply this label when the PR addresses the same issue or implements the same feature as another existing PR or issue.
- label: invalid
instructions: >-
Apply this label when the PR contains invalid changes, does not follow project guidelines, or has fundamental issues
that make it unsuitable for the project.
knowledge_base:
code_guidelines:
enabled: true
filePatterns:
- "AGENTS.md"
- "CONTRIBUTING.md"
- "docs/source/contributing/**/*.md"
- ".github/skill-eval/AGENTS.md"
- "skills/**/SKILL.md"