@@ -7,20 +7,6 @@ language: en
77# Enable experimental features (currently not using any specific early_access features)
88early_access : true
99
10- # Multi-repo analysis: lets CodeRabbit use other repositories as context when reviewing PRs.
11- # Most useful when linking tightly coupled repos, e.g.:
12- # - Frontend ↔ backend (API contract changes)
13- # - Service ↔ shared library (ripple-effect on consumers)
14- # - Microservices sharing a database schema
15- # Avoid configuring this at org level — link only the repos relevant to this project.
16- # See: https://docs.coderabbit.ai/knowledge-base/multi-repo-analysis
17- #
18- # To enable, uncomment the block below and replace the example values with your repos.
19- # knowledge_base:
20- # linked_repositories:
21- # - repository: "AOSSIE-Org/backend-api"
22- # instructions: "Contains REST API endpoints and database models"
23-
2410chat :
2511 # CodeRabbit will automatically respond to @coderabbitai mentions in PR comments
2612 auto_reply : true
@@ -92,19 +78,14 @@ reviews:
9278
9379 # Exclude these paths from reviews (build artifacts and dependencies)
9480 path_filters :
95- - " !**/node_modules/**" # npm dependencies
96- - " !**/android/**" # Native Android build files
97- - " !**/ios/**" # Native iOS build files
98- - " !**/.expo/**" # Expo build cache
99- - " !**/.expo-shared/**" # Expo shared config
81+ - " !**/vendor/**" # Go dependencies
10082 - " !**/dist/**" # Build output
83+ - " !**/data/**" # SQLite database volume
10184
10285 # Use the following tools when reviewing
10386 tools :
10487 shellcheck :
10588 enabled : true
106- ruff :
107- enabled : true
10889 markdownlint :
10990 enabled : true
11091 github-checks :
@@ -114,38 +95,17 @@ reviews:
11495 enabled : true
11596 enabled_only : false
11697 level : default
117- biome :
118- enabled : true
119- hadolint :
120- enabled : true
121- swiftlint :
122- enabled : true
123- phpstan :
124- enabled : true
125- level : default
12698 golangci-lint :
12799 enabled : true
128100 yamllint :
129101 enabled : true
130102 gitleaks :
131103 enabled : true
132- checkov :
133- enabled : true
134- detekt :
135- enabled : true
136- eslint :
137- enabled : true
138104
139105 # Apply the following labels to PRs
140106 labeling_instructions :
141- - label : Python Lang
142- instructions : Apply when the PR/MR contains changes to python source-code
143- - label : Solidity Lang
144- instructions : Apply when the PR/MR contains changes to solidity source-code
145- - label : Typescript Lang
146- instructions : Apply when the PR/MR contains changes to javascript or typescript source-code
147- - label : Ergoscript Lang
148- instructions : Apply when the PR/MR contains changes to ergoscript source-code
107+ - label : Go Lang
108+ instructions : Apply when the PR/MR contains changes to go source-code
149109 - label : Bash Lang
150110 instructions : >-
151111 Apply when the PR/MR contains changes to shell-scripts or BASH code
@@ -172,130 +132,34 @@ reviews:
172132 - Confirm that copyright years are up-to date whenever a file is changed
173133 - Point out redundant obvious comments that do not add clarity to the code
174134 - Ensure that comments are concise and suggest more concise comment statements if possible
175- - Discourage usage of verbose comment styles such as NatSpec
176135 - Look for code duplication
177136 - Suggest code completions when:
178137 - seeing a TODO comment
179138 - seeing a FIXME comment
180139
181140 # Custom review instructions for specific file patterns
182141 path_instructions :
183- # TypeScript/JavaScript files
184- - path : " **/*.{ts,tsx,js,jsx}"
185- instructions : |
186- NextJS:
187- - Ensure that "use client" is being used
188- - Ensure that only features that allow pure client-side rendering are used
189- - NextJS best practices (including file structure, API routes, and static generation methods) are used.
190-
191- TypeScript:
192- - Avoid 'any', use explicit types
193- - Prefer 'import type' for type imports
194- - Review for significant deviations from Google JavaScript style guide. Minor style issues are not a priority
195- - The code adheres to best practices associated with React
196- - The code adheres to best practices associated with React PWA
197- - The code adheres to best practices associated with SPA
198- - The code adheres to best practices recommended by lighthouse or similar tools for performance
199- - The code adheres to best practices associated with Node.js
200- - The code adheres to best practices recommended for performance
201-
202- Security:
203- - No exposed API keys or sensitive data
204- - Use expo-secure-store for sensitive storage
205- - Validate deep linking configurations
206- - Check for common security vulnerabilities such as:
207- - SQL Injection
208- - XSS (Cross-Site Scripting)
209- - CSRF (Cross-Site Request Forgery)
210- - Insecure dependencies
211- - Sensitive data exposure
212-
213- Internationalization:
214- - User-visible strings should be externalized to resource files (i18n)
215-
216- # HTML files
217- - path : " **/*.html"
142+ # Go files
143+ - path : " **/*.go"
218144 instructions : |
219- Review the HTML code against the google html style guide and point out any mismatches. Ensure that:
220- - The code adheres to best practices recommended by lighthouse or similar tools for performance
221-
222- # CSS files
223- - path : " **/*.css"
224- instructions : |
225- Review the CSS code against the google css style guide and point out any mismatches. Ensure that:
226- - The code adheres to best practices associated with CSS.
227- - The code adheres to best practices recommended by lighthouse or similar tools for performance.
228- - The code adheres to similar naming conventions for classes, ids.
229-
230- # Python files
231- - path : " **/*.{py}"
232- instructions : |
233- Python:
234- - Check for major PEP 8 violations and Python best practices.
235-
236- # Solidity Smart Contract files
237- - path : " **/*.sol"
238- instructions : |
239- Solidity:
240- - Review the Solidity contracts for security vulnerabilities and adherence to best practices.
241- - Ensure immutability is used appropriately (e.g., `immutable` and `constant` where applicable).
242- - Ensure there are no unbounded loops that could lead to gas exhaustion.
243- - Verify correct and explicit visibility modifiers for all state variables and functions.
244- - Flag variables that are declared but used only once or are unnecessary.
245- - Identify potential gas optimization opportunities without compromising readability or security.
246- - Verify that any modification to contract logic includes corresponding updates to automated tests.
247- - Ensure failure paths and revert scenarios are explicitly handled and validated.
248- - Validate proper access control enforcement (e.g., Ownable, RBAC, role checks).
249- - Ensure consistent and correct event emission for all state-changing operations.
250- - Confirm architectural consistency with existing contracts (no unintended storage layout changes unless clearly documented).
251- - Flag major feature additions or architectural changes that were implemented without prior design discussion (if applicable).
252- - Flag pull requests that mix unrelated changes or multiple concerns in a single submission.
253- - Ensure security-sensitive logic changes are not introduced without adequate test coverage.
254- - Review for common smart contract vulnerabilities, including but not limited to:
255- - Reentrancy
256- - Improper input validation
257- - Access control bypass
258- - Integer overflows/underflows (if using unchecked blocks)
259- - Front-running risks where applicable
260-
261-
262- # Javascript/Typescript test files
263- - path : " **/*.test.{ts,tsx,js,jsx}"
145+ Go:
146+ - Check for idiomatic Go code and adherence to Effective Go principles.
147+ - Ensure proper error handling is performed (no ignored errors).
148+ - Validate concurrency safety (proper use of goroutines, channels, sync package).
149+ - Ensure data persistence queries (e.g. SQLite) use parameterized queries to prevent SQL injection.
150+ - Verify that context is propagated through function calls, especially for database operations and outgoing requests.
151+ - Check that API handlers handle edge cases and send proper HTTP status codes.
152+
153+ # Go test files
154+ - path : " **/*_test.go"
264155 instructions : |
265156 Review test files for:
266- - Comprehensive coverage of component behavior
267- - Proper use of @testing-library/react-native
268- - Async behavior is properly tested
269- - Accessibility testing is included
270- - Test descriptions are sufficiently detailed to clarify the purpose of each test
271- - The tests are not tautological
272-
273- # Solidity test files
274- - path : " **/*.test.{sol}"
275- instructions : |
276- Review test files for:
277- - Comprehensive coverage of contract behavior.
278- - Coverage of success paths, edge cases, and failure/revert scenarios.
279- - Proper validation of access control restrictions.
280- - Verification of event emissions where applicable.
281- - Explicit validation of state changes after each relevant function call.
282- - Adequate test updates whenever contract logic is modified.
283- - Deterministic behavior (tests should not rely on implicit execution order or shared mutable state).
284- - Clear and descriptive test names that reflect the intended behavior being validated.
285-
286-
287- # Asset files (images, fonts, etc.)
288- - path : " assets/**/*"
289- instructions : |
290- Review asset files for:
291- - Image optimization (appropriate size and format)
292- - Proper @2x and @3x variants for different screen densities
293- - SVG assets are optimized
294- - Font files are licensed and optimized
157+ - Comprehensive coverage of expected behavior and failure scenarios.
158+ - Use of table-driven tests where appropriate.
159+ - Proper mocking of external dependencies like the SQLite store.
295160
296161 # Dependency manifest and lock files (e.g. updated by Dependabot, Renovate)
297- - path : >-
298- **/{package.json,package-lock.json,yarn.lock,pnpm-lock.yaml,npm-shrinkwrap.json,requirements.txt,Pipfile,Pipfile.lock,pyproject.toml,poetry.lock,go.mod,go.sum,Cargo.toml,Cargo.lock,pom.xml,build.gradle,build.gradle.kts,gradle.lockfile,*.gemspec,Gemfile,Gemfile.lock}
162+ - path : " **/{go.mod,go.sum}"
299163 instructions : |
300164 This file may be modified by a dependency bot (e.g., Dependabot, Renovate).
301165 Perform a structured dependency upgrade analysis:
@@ -306,32 +170,10 @@ reviews:
306170
307171 **2. Breaking Change Detection**
308172 - Breaking changes: removed or renamed APIs, changed function signatures, altered behavior.
309- - Deprecated APIs: warn if the codebase uses anything deprecated in the new version.
310- - Configuration changes: new required env vars, config keys, or file structure changes.
311173 - Security fixes: highlight CVE patches and confirm they address known vulnerabilities.
312174
313175 **3. Codebase Compatibility Check**
314176 - Locate all files in the repo that import or use the upgraded dependency.
315- - For each usage, verify:
316- - No removed or renamed imports/functions are referenced.
317- - Constructor/function call signatures are compatible.
318- - Any default behavior changes do not silently break existing logic.
319-
320- **4. Risk Analysis**
321- - Runtime errors: type mismatches, missing attributes, changed return types.
322- - API incompatibility: breaking interface/type changes (critical for TypeScript).
323- - Logical bugs: subtle behavior changes that don't throw errors but alter outcomes.
324- - Performance regressions: flag if release notes mention perf impacts.
325-
326- **5. Edge Cases to Verify**
327- - Backward compatibility with currently pinned peer dependencies.
328- - Changes in default behavior or environment assumptions.
329- - Peer requirement conflicts introduced by the new version.
330- - For TypeScript: type/interface changes that may require type assertion updates.
331-
332- **6. Migration Guidance**
333- - If official docs provide migration steps, summarize the required changes and flag
334- specific files in this repo that need updates.
335- - If no migration is required, confirm this explicitly.
177+ - For each usage, verify that changes do not silently break existing logic.
336178
337179 Conclude with a **risk level**: Low / Medium / High, with justification.
0 commit comments