.coderabbit.yaml
# CodeRabbit Configuration — SolFoundry
# https://docs.coderabbit.ai/guides/configure-coderabbit
#
# CodeRabbit runs as a PRIVATE analysis layer feeding our multi-LLM pipeline.
# It does NOT post inline comments or review suggestions to contributors.
# Contributors only see our unified SolFoundry Review Bot output.

language: "en-US"
early_access: false

reviews:
  profile: "assertive"
  request_changes_workflow: false  # Our LLM pipeline handles this
  high_level_summary: false  # Suppress the summary comment entirely
  high_level_summary_placeholder: "@coderabbitai summary"
  auto_title_placeholder: "@coderabbitai"
  poem: false
  review_status: false
  walkthrough: false  # Suppress walkthrough comment on PRs
  sequence_diagrams: false
  review_comment:
    enabled: false  # Disable inline review comments entirely
    lgtm: "none"  # Never post LGTM comments
  changed_files_summary: false
  abort_on_close: true
  labeling_instructions: []  # No auto-labels

  # Suppress ALL public-facing review output
  path_filters: []
  auto_review:
    enabled: false
    drafts: false
    base_branches:
      - main

  # Disable ALL tools and inline review comments
  # CodeRabbit's value is its analysis fed to our LLM judges via the API,
  # not its public-facing comments
  tools:
    ast-grep:
      enabled: false
    github-checks:
      enabled: false
    biome:
      enabled: false
    hadolint:
      enabled: false
    shellcheck:
      enabled: false
    yamllint:
      enabled: false
    markdownlint:
      enabled: false
    languagetool:
      enabled: false
    ruff:
      enabled: false
    eslint:
      enabled: false
    pylint:
      enabled: false
    oxc:
      enabled: false
    clippy:
      enabled: false
    rubocop:
      enabled: false

  path_instructions:
    - path: "**"
      instructions: |
        You are reviewing a bounty submission. Your review will be consumed by
        an automated LLM pipeline, NOT shown directly to the contributor.
        Be DETAILED and SPECIFIC in your analysis — include exact issues,
        affected files, line numbers, and technical details. This information
        helps our LLM judges score accurately.
        Do NOT post inline review comments. Do NOT post code suggestions.
        Only produce the walkthrough analysis for the API — it will be consumed
        programmatically by our review pipeline.
    - path: "contracts/**"
      instructions: |
        Solana smart contract code (Rust/Anchor). Analyze deeply:
        - Arithmetic overflow/underflow risks
        - Access control and PDA validation gaps
        - Reentrancy and CPI safety
        - Account validation and constraint checks
        Be thorough — this handles real money.
    - path: "backend/**"
      instructions: |
        Python FastAPI backend. Analyze thoroughly:
        - Input validation and SQL injection vectors
        - Authentication/authorization gaps
        - Error handling and edge case coverage
        - API contract consistency with spec
    - path: "frontend/**"
      instructions: |
        React/TypeScript frontend. Check:
        - Component structure and state management
        - XSS prevention
        - Integration with existing components
        - Error/loading/empty state handling
    - path: ".github/**"
      instructions: |
        Skip reviewing GitHub Actions — this is maintained by the core team.

chat:
  auto_reply: false  # Don't auto-reply to comments either

knowledge_base:
  opt_out: false
  learnings:
    scope: "auto"