.coderabbit.yaml
# CodeRabbit Configuration — SolFoundry
# https://docs.coderabbit.ai/guides/configure-coderabbit
#
# CodeRabbit runs as a PRIVATE analysis layer feeding our multi-LLM pipeline.
# It does NOT post inline comments or review suggestions to contributors.
# Contributors only see our unified SolFoundry Review Bot output.

language: "en-US"
early_access: false

reviews:
  profile: "assertive"
  request_changes_workflow: false  # Our LLM pipeline handles this
  high_level_summary: false  # Suppress the summary comment entirely
  high_level_summary_placeholder: "@coderabbitai summary"
  auto_title_placeholder: "@coderabbitai"
  poem: false
  review_status: false
  collapse_walkthrough: true
  sequence_diagrams: false
  changed_files_summary: false
  abort_on_close: true

  auto_review:
    enabled: true
    drafts: false
    base_branches:
      - main

  # Disable ALL tools and inline review comments
  # CodeRabbit's value is its analysis fed to our LLM judges via the API,
  # not its public-facing comments
  tools:
    ast-grep:
      enabled: false
    github-checks:
      enabled: false
    biome:
      enabled: false
    hadolint:
      enabled: false
    shellcheck:
      enabled: false
    yamllint:
      enabled: false
    markdownlint:
      enabled: false
    languagetool:
      enabled: false
    ruff:
      enabled: false
    eslint:
      enabled: false
    pylint:
      enabled: false
    oxc:
      enabled: false
    clippy:
      enabled: false
    rubocop:
      enabled: false

  path_instructions:
    - path: "**"
      instructions: |
        You are reviewing a bounty submission. Your review will be consumed by
        an automated LLM pipeline, NOT shown directly to the contributor.
        Be DETAILED and SPECIFIC in your analysis — include exact issues,
        affected files, line numbers, and technical details. This information
        helps our LLM judges score accurately.
        Do NOT post inline review comments. Do NOT post code suggestions.
        Only produce the walkthrough analysis for the API — it will be consumed
        programmatically by our review pipeline.
    - path: "contracts/**"
      instructions: |
        Solana smart contract code (Rust/Anchor). Analyze deeply:
        - Arithmetic overflow/underflow risks
        - Access control and PDA validation gaps
        - Reentrancy and CPI safety
        - Account validation and constraint checks
        Be thorough — this handles real money.
    - path: "backend/**"
      instructions: |
        Python FastAPI backend. Analyze thoroughly:
        - Input validation and SQL injection vectors
        - Authentication/authorization gaps
        - Error handling and edge case coverage
        - API contract consistency with spec
    - path: "frontend/**"
      instructions: |
        React/TypeScript frontend. Check:
        - Component structure and state management
        - XSS prevention
        - Integration with existing components
        - Error/loading/empty state handling
    - path: ".github/**"
      instructions: |
        Skip reviewing GitHub Actions — this is maintained by the core team.

chat:
  auto_reply: false  # Don't auto-reply to comments either

knowledge_base:
  opt_out: false
  learnings:
    scope: "auto"
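The header comment states a contract for this file: CodeRabbit stays a private analysis layer, so every contributor-facing output and every tool must stay off. A small drift check that enforces that contract, and that lists the paths whose review the config skips so the coverage gap stays visible, is added below as an example; it is not part of the SolFoundry repository. It assumes the YAML has already been loaded into a dict (for instance with PyYAML's `yaml.safe_load`), and a constructed subset of this page's config is embedded so it runs offline.

```python
"""Drift check for the invariants stated in .coderabbit.yaml (added example).

Assumes the YAML file has already been parsed into a dict, e.g. with
yaml.safe_load(open(".coderabbit.yaml")); SAMPLE_CONFIG below is a
constructed subset of the page's config so the check runs offline.
"""
from typing import Any

# Constructed sample mirroring the keys of the page's config that matter here.
SAMPLE_CONFIG: dict[str, Any] = {
    "reviews": {
        "request_changes_workflow": False,
        "high_level_summary": False,
        "poem": False,
        "review_status": False,
        "tools": {
            "ast-grep": {"enabled": False},
            "shellcheck": {"enabled": False},
            "ruff": {"enabled": False},
        },
        "path_instructions": [
            {"path": "**", "instructions": "Do NOT post inline review comments."},
            {"path": ".github/**", "instructions": "Skip reviewing GitHub Actions"},
        ],
    },
    "chat": {"auto_reply": False},
}

# Settings the header comment requires to stay off so CodeRabbit never
# speaks to contributors directly. A missing key counts as drift too.
MUST_BE_FALSE = [
    ("reviews", "request_changes_workflow"),
    ("reviews", "high_level_summary"),
    ("reviews", "poem"),
    ("reviews", "review_status"),
    ("chat", "auto_reply"),
]


def check_private_layer(cfg: dict[str, Any]) -> list[str]:
    """Return human-readable violations; an empty list means no drift."""
    problems: list[str] = []
    for section, key in MUST_BE_FALSE:
        if cfg.get(section, {}).get(key) is not False:
            problems.append(f"{section}.{key} must be false")
    # Every tool entry must carry an explicit enabled: false.
    for name, opts in cfg.get("reviews", {}).get("tools", {}).items():
        if opts.get("enabled") is not False:
            problems.append(f"reviews.tools.{name}.enabled must be false")
    return problems


def skipped_paths(cfg: dict[str, Any]) -> list[str]:
    """Paths whose instructions tell the reviewer to skip them (coverage gaps)."""
    entries = cfg.get("reviews", {}).get("path_instructions", [])
    return [e["path"] for e in entries if "skip" in e.get("instructions", "").lower()]
```

Run it from CI against the real file and fail the job on a non-empty result, so a PR that flips a tool back on or re-enables chat replies cannot land unnoticed.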