infra-controller/.coderabbit.yaml at main · NVIDIA/infra-controller · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
# SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0

# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
language: "en"
early_access: false
tone_instructions: >-
  Act as a Principal Engineer focusing on clean code, performance, and maintainability. Maintain a formal tone, highlighting issues, and suggesting production-grade, elegant, and concise solutions.
reviews:
  profile: chill # Options: assertive / chill
  high_level_summary_in_walkthrough: true
  suggested_reviewers: false
  in_progress_fortune: false
  poem: false
  review_status: true
  collapse_walkthrough: false
  slop_detection:
    enabled: true
  path_filters:
    - "!target/**"
    - "!rest-api/**/*.pb.go"
    - "!rest-api/**/*_grpc.pb.go"
    - "!rest-api/**/*.connect.go"
    - "!rest-api/site-manager/pkg/client/**"
    - "!rest-api/site-manager/pkg/crds/v1/zz_generated.deepcopy.go"
    - "!rest-api/sdk/standard/api_*.go"
    - "!rest-api/sdk/standard/model_*.go"
    - "!rest-api/sdk/standard/client.go"
    - "!rest-api/sdk/standard/configuration.go"
    - "!rest-api/sdk/standard/response.go"
    - "!rest-api/sdk/standard/utils.go"
    - "!rest-api/workflow-schema/site-agent/workflows/v1/*_nico.proto"
    - "!crates/dpf/crds/**"
    - "!crates/mqttea-example/src/sample_protos/**"
    - "!crates/ssh-console-mock-api-server/src/generated/**"
    - "!dev/deployment/devspace/values.generated.yaml"
  path_instructions:
    - path: "crates/**/*.rs"
      instructions: >-
        Review Rust code against STYLE_GUIDE.md: prefer simple explicit code,
        designs that are hard to misuse, justified abstractions, clippy-clean
        changes without broad allows, structured tracing fields, synchronous
        APIs unless async is needed for I/O or timers, no transactions held
        across awaits, joined/cancellable background tasks, idiomatic
        From/TryFrom conversions, and avoiding needless clones. Prefer findings
        about behavior, concurrency, resource lifetimes, and missing tests over
        style-only comments.
    - path: "crates/api*/**"
      instructions: >-
        Review API, model, database, and web changes for request validation,
        authorization boundaries, transaction safety, SQLx/query correctness,
        schema/API compatibility, tenant isolation, `NicoError`-based handler
        errors, and safe request logging via `log_request_data` with sensitive
        fields filtered.
    - path: "crates/*controller*/**"
      instructions: >-
        Review controller logic for reconciliation correctness, idempotency,
        timeout/cancellation behavior, state-machine transitions, and safe
        recovery from partial failures.
    - path: "crates/admin-cli/**"
      instructions: >-
        Review CLI changes for clap behavior, actionable operator-facing error
        messages, realistic help examples, stable command names, and regenerated
        reference documentation when command surfaces change.
    - path: "crates/*redfish*/**"
      instructions: >-
        Review Redfish-facing code for protocol correctness, credential
        handling, vendor-specific behavior, retry/timeout policy, and clear
        operator diagnostics.
    - path: "crates/*dpu*/**"
      instructions: >-
        Review DPU-related code for lifecycle safety, host/DPU trust boundaries,
        reboot/provisioning sequencing, Kubernetes integration assumptions, and
        failure-mode observability.
    - path: "crates/*bmc*/**"
      instructions: >-
        Review BMC-facing code for power-control safety, credential handling,
        vendor differences, timeout behavior, and avoiding leaked raw device
        errors in user-facing responses.
    - path: "crates/*dhcp*/**"
      instructions: >-
        Review DHCP and networking code for lease-state consistency, address
        allocation correctness, packet parsing safety, and dual-stack behavior.
    - path: "crates/*dns*/**"
      instructions: >-
        Review DNS code for record lifecycle correctness, idempotent updates,
        TTL/zone assumptions, and consistency with IP allocation state.
    - path: "crates/*pxe*/**"
      instructions: >-
        Review PXE and boot-artifact code for template correctness, boot-flow
        compatibility, input validation, and safe handling of generated
        artifacts.
    - path: "crates/*test*/**"
      instructions: >-
        Review test-support crates for deterministic behavior, clear fixtures,
        reusable helpers, and avoiding sleeps or shared mutable global state
        that can make CI flaky.
    - path: "crates/api-db/migrations/**"
      instructions: >-
        Review database migrations for forward/backward compatibility,
        lock/transaction impact, idempotency assumptions, data preservation, and
        consistency with Rust and Go data models.
    - path: "lints/**"
      instructions: >-
        Review custom lint changes for false-positive risk, diagnostic quality,
        fixture coverage, and compatibility with the pinned nightly toolchain.
    - path: "rest-api/**/*.go"
      instructions: >-
        Review Go code for correctness, clean control flow, error handling,
        context propagation, test coverage, performance, and cohesive
        organization around well-defined, well-named structs with receiver
        functions when behavior belongs to a domain type. Prefer actionable
        behavioral findings over formatting comments covered by gofmt and
        linters, and discourage scattered independent functions when a receiver
        method would make ownership and responsibilities clearer.
    - path: "rest-api/api/**"
      instructions: >-
        Review REST API server changes for validation, authorization,
        tenant/resource ownership checks, response compatibility, audit logging,
        and consistency with the OpenAPI specification. For new handler CRUD
        functions, check that function names follow existing handler naming
        patterns, and verify new URL paths are registered in
        `rest-api/api/pkg/api/routes.go`.
    - path: "rest-api/api/pkg/api/model/**"
      instructions: >-
        Review REST API models for client-facing compatibility: JSON attribute
        tags must use camelCase, protobuf conversion should live on API model
        structs as ToProto and FromProto receiver functions, and validation
        should prefer ozzo-validation built-in rules and composition over
        reinvented custom validation helpers. When model attributes are added
        or changed, verify the OpenAPI spec is updated with matching schema,
        required/nullable semantics, and examples when applicable.
    - path: "rest-api/db/**"
      instructions: >-
        Review database changes for Bun/pgx query correctness, transaction
        boundaries, migration ordering, data-model compatibility, and avoiding
        raw database errors in API responses.
    - path: "rest-api/workflow/**"
      instructions: >-
        Review cloud Temporal workflow and activity additions/changes for determinism,
        retry policy, cancellation/timeout handling, idempotency, and safe
        external side effects.
    - path: "rest-api/site-workflow/**"
      instructions: >-
        Review site workflow additions/changes for site-local failure recovery,
        idempotency, gRPC/API contract compatibility, and correct coordination
        with cloud inventory workflows. Ensure that workflow and activity names are consistent with the existing ones.
    - path: "rest-api/flow/**"
      instructions: >-
        Review Flow changes for task orchestration correctness, conflict
        resolution, batching behavior, Temporal integration, and observability
        for stuck or failed operations.
    - path: "rest-api/site-agent/**"
      instructions: >-
        Review site-agent changes for local reconciliation safety, Kubernetes
        watch behavior, retry/backoff policy, resource cleanup, and robustness
        during connectivity loss.
    - path: "rest-api/site-manager/**"
      instructions: >-
        Review site-manager changes for Kubernetes API usage, CRD contract
        compatibility, RBAC implications, informer/client behavior, and site
        registration lifecycle safety.
    - path: "rest-api/auth/**"
      instructions: >-
        Review auth changes for JWT/keycloak behavior, token validation,
        authorization boundaries, service-account handling, and secret exposure
        risk.
    - path: "rest-api/cert-manager/**"
      instructions: >-
        Review certificate-management changes for CA/key lifecycle safety,
        renewal behavior, permissions, secret handling, and rotation failure
        modes.
    - path: "rest-api/ipam/**"
      instructions: >-
        Review IPAM changes for allocation uniqueness, subnet/prefix math,
        concurrency, dual-stack behavior, persistence consistency, and clear
        exhaustion errors.
    - path: "rest-api/nvswitch-manager/**"
      instructions: >-
        Review NVSwitch manager changes for firmware workflow safety, hardware
        inventory assumptions, retry/timeout behavior, and operator-visible
        diagnostics.
    - path: "rest-api/powershelf-manager/**"
      instructions: >-
        Review power shelf manager changes for Redfish/power-control safety,
        firmware update sequencing, persistence correctness, and hardware
        failure handling.
    - path: "rest-api/sdk/standard/helpers/**"
      instructions: >-
        Review these hand-written SDK helpers normally. Do not treat them as
        generated OpenAPI output; check public API ergonomics, compatibility,
        and tests.
    - path: "rest-api/sdk/standard/pagination*.go"
      instructions: >-
        Review these hand-written SDK pagination helpers normally. Check
        backward compatibility, HTTP header parsing, and error handling.
    - path: "crates/rpc/proto/**"
      instructions: >-
        Review core gRPC protobuf definitions for STYLE_GUIDE.md compatibility:
        list APIs should use paginated FindResourceIds and FindResourcesByIds
        shapes, configurable resources should separate id, config, status,
        metadata, and version fields, state-handler resources should include
        state, state_version, state_reason, and state_sla fields, and field
        numbers/names should preserve wire compatibility.
    - path: "**/*.proto"
      instructions: >-
        Review protobuf definitions for wire compatibility, stable field
        numbers, clear naming, validation implications, and generated-client
        impact. Avoid comments on imported/generated proto files unless a
        compatibility issue is introduced.
    - path: "rest-api/openapi/spec.yaml"
      instructions: >-
        Review the OpenAPI specification for request/response compatibility,
        schema correctness, required/nullable semantics, examples, operation
        naming, and consistency with implemented handlers. Ensure any REST API
        model attribute additions/changes and any new endpoint definitions are
        reflected here.
    - path: "rest-api/openapi/**"
      instructions: >-
        Review OpenAPI docs and examples for accuracy, deprecation clarity,
        client-facing compatibility, spelling, and consistency with
        `spec.yaml`.
    - path: "deploy/**"
      instructions: >-
        Review Kubernetes kustomize manifests for namespace/name consistency,
        RBAC scope, probes, resource requests, secret/config references, and
        upgrade-safe changes.
    - path: "helm/**"
      instructions: >-
        Review Helm charts for template correctness, values compatibility,
        Kubernetes API compatibility, security context, RBAC, probes, and
        upgrade behavior.
    - path: "helm-prereqs/**"
      instructions: >-
        Review prerequisite Helm resources and scripts for install ordering,
        cluster-scope permissions, secret handling, idempotency, and clear
        failure messages.
    - path: "rest-api/deploy/**"
      instructions: >-
        Review REST deployment manifests for local-kind and production
        consistency, kustomize layering, service wiring, environment variables,
        and secret/config references.
    - path: "rest-api/helm/**"
      instructions: >-
        Review REST Helm charts for values compatibility, template correctness,
        migrations, service account/RBAC scope, probes, and secret management.
    - path: "rest-api/temporal-helm/**"
      instructions: >-
        Review Temporal Helm changes for persistence compatibility, chart
        upgrade safety, service wiring, resource sizing, and avoiding drift from
        upstream assumptions.
    - path: "bluefield/**"
      instructions: >-
        Review BlueField-specific code and charts for DPU deployment safety,
        hardware assumptions, observability coverage, Kubernetes integration,
        and failure recovery.
    - path: "**/kustomization.yaml"
      instructions: >-
        Review kustomize files for resource references, patch target accuracy,
        name/namespace transformations, image overrides, and overlay/base
        consistency.
    - path: "**/Chart.yaml"
      instructions: >-
        Review chart metadata for dependency/version consistency, appVersion
        correctness, and compatibility with related values and templates.
    - path: "**/values*.yaml"
      instructions: >-
        Review Helm values for backward-compatible defaults, secret handling,
        image/tag consistency, resource settings, and comments that explain
        operator-facing knobs.
    - path: "docs/**"
      instructions: >-
        Review documentation for technical correctness, operator usability,
        broken links, stale command/API references, spelling, grammar, and
        consistency with current deployment and CLI behavior.
    - path: "book/**"
      instructions: >-
        Review mdBook content for architecture accuracy, clear operational
        guidance, internal link correctness, and consistency with repository
        terminology.
    - path: "fern/**"
      instructions: >-
        Review Fern publishing configuration for navigation accuracy, broken
        references, API documentation consistency, and avoiding drift from the
        OpenAPI spec.
    - path: "**/*.md"
      instructions: >-
        Review Markdown for correctness, clarity, spelling, grammar, working
        links, and whether commands/examples are realistic and safe.
    - path: "docs/index.yml"
      instructions: >-
        Review documentation navigation for broken paths, duplicate or stale
        entries, clear grouping, and slug compatibility.
    - path: ".github/workflows/**"
      instructions: >-
        Review GitHub Actions workflows for trigger correctness, permissions,
        secret handling, cache keys, artifact retention, concurrency, and CI
        coverage gaps.
    - path: "Makefile*"
      instructions: >-
        Review make and cargo-make tasks for reproducibility, dependency
        ordering, cross-platform assumptions, clear failure behavior, and
        consistency with documented commands.
    - path: "include/**"
      instructions: >-
        Review shared make fragments for task reuse, variable defaults,
        quoting, dependency ordering, and avoiding surprising changes to
        callers.
    - path: "scripts/**"
      instructions: >-
        Review scripts for shell safety, quoting, idempotency, dependency
        checks, error handling, and avoiding secret leakage in logs.
    - path: "dev/**"
      instructions: >-
        Review development tooling for local reproducibility, safe defaults,
        documented prerequisites, secret handling, and consistency with CI and
        deployment manifests.
    - path: "pxe/**"
      instructions: >-
        Review PXE assets and image-building configuration for boot
        compatibility, reproducibility, architecture-specific assumptions, and
        safe artifact generation.
    - path: "**/Dockerfile*"
      instructions: >-
        Review Dockerfiles for reproducible builds, minimal runtime surface,
        correct user/permissions, cache behavior, architecture support, and
        avoiding embedded secrets.
    - path: "Cargo.toml"
      instructions: >-
        Review workspace dependency changes for feature unification,
        compatibility with the pinned Rust toolchain, license/security impact,
        and unnecessary dependency additions.
    - path: "crates/**/Cargo.toml"
      instructions: >-
        Review crate manifests for accurate package metadata, dependency scope,
        workspace dependency reuse, feature flags, and test/dev dependency
        placement.
    - path: "Cargo.lock"
      instructions: >-
        Review lockfile changes for unexpected dependency churn, duplicate
        major versions, security-sensitive updates, and consistency with
        manifest changes.
    - path: "rest-api/go.mod"
      instructions: >-
        Review Go module changes for minimal dependency additions, replace
        directives, version compatibility, security impact, and consistency
        with generated SDK/module layout.
    - path: "rest-api/go.sum"
      instructions: >-
        Review checksum changes for unexpected dependency churn and consistency
        with `go.mod`.
    - path: "deny.toml"
      instructions: >-
        Review dependency policy changes for license/security implications and
        whether exceptions are narrowly scoped and justified.
    - path: "**/.golangci.yml"
      instructions: >-
        Review Go lint configuration for signal-to-noise, CI compatibility,
        generated-code exclusions, and avoiding broad suppressions.
    - path: "**/*.sh"
      instructions: >-
        Review shell scripts for quoting, strict-mode assumptions, error
        propagation, portability, idempotency, and secret-safe logging.
    - path: "**/*.yml"
      instructions: >-
        Review YAML changes for schema correctness, indentation, duplicated
        keys, environment-specific assumptions, and secret-safe defaults.
    - path: "**/*.yaml"
      instructions: >-
        Review YAML changes for schema correctness, indentation, duplicated
        keys, environment-specific assumptions, and secret-safe defaults.
  auto_review:
    enabled: true
    ignore_usernames: [] # Add usernames here to opt-out of auto-review
knowledge_base:
  code_guidelines:
    enabled: true
    filePatterns:
      - AGENTS.md
      - README.md
      - CONTRIBUTING.md
      - STYLE_GUIDE.md
      - rest-api/AGENTS.md
      - rest-api/README.md
      - rest-api/CONTRIBUTING.md
issue_enrichment:
  planning:
    enabled: true