Add CodeRabbit configuration file (.coderabbit.yaml)

[anshulchikhale30-p]

Summary

This PR adds the standardized .coderabbit.yaml configuration file from the AOSSIE Template Repository.

Purpose

• Enables consistent automated review behavior
• Discourages verbose or boilerplate comments
• Encourages concise, high-quality documentation
• Aligns this repository with organization-wide standards

Summary by CodeRabbit

• Chores

  • Configured automated code review and quality assurance platform with integrated support for multiple programming languages, linting tools, security scanning, and compliance verification workflows.

• Documentation

  • Updated README with minor content revisions.

[coderabbitai]

Warning

Ignoring CodeRabbit configuration file changes. For security, only the configuration from the base branch is applied for open source repositories.

📝 Walkthrough

Walkthrough

Adds a comprehensive CodeRabbit YAML configuration file enabling IDE autocompletion, review automation, issue enrichment, and multi-tool review workflows with specific rules and settings across nine major configuration sections. Removes two lines from README.md closing text.

Changes

Cohort / File(s)	Summary
CodeRabbit Configuration .coderabbit.yaml	Added 280-line YAML configuration defining global settings (language, early access), chat auto-reply, issue enrichment with auto-labeling and planning, review profiles and automation toggles, pre-merge checks, path filters, enabled tools (shellcheck, ruff, markdownlint, languagetool, biome, hadolint, swiftlint, phpstan, golangci-lint, yamllint, gitleaks, checkov, detekt, eslint), labeling instructions for multiple languages and domains, quality/compliance directives, and per-path guidance.
Documentation README.md	Removed closing attribution lines from Contributing section.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~20 minutes

Poem

🐰 With whiskers twitching, configs aligned,
CodeRabbit hops through review refined,
Automation flows like carrots in spring,
Every tool purrs, a harmonious ring! 🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and directly describes the main change: adding a CodeRabbit configuration file. It is concise, specific, and accurately summarizes the primary objective of the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

.coderabbit.yaml (2)

34-34: profile: assertive + request_changes_workflow: true is an aggressive combination — verify intent.

With these two settings active together, CodeRabbit will flag style-level nits (assertive) and formally request changes on the PR, potentially blocking merges until every nitpick is resolved. This may create friction for contributors on a prototype/exploratory repository.

If the goal is visibility without blocking, consider request_changes_workflow: false (leave comments only).

Also applies to: 68-68

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml at line 34, The .coderabbit.yaml currently sets profile:
assertive together with request_changes_workflow: true which will both flag
style-level nits and automatically request changes on PRs; update the
configuration to align intent by either changing profile to chill if you want
fewer style nit reports, or setting request_changes_workflow: false if you want
assertive visibility without blocking merges, and document the chosen behavior
so reviewers know whether CodeRabbit should only comment
(request_changes_workflow: false) or actively block (request_changes_workflow:
true).

---

217-217: Redundant single-element brace expansion in glob pattern.

**/*.{py} is equivalent to **/*.py; the braces add no value. Same applies to **/*.test.{sol} at line 260.

♻️ Proposed fix

-    - path: "**/*.{py}"
+    - path: "**/*.py"

-    - path: "**/*.test.{sol}"
+    - path: "**/*.test.sol"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml at line 217, Replace the redundant brace expansions in the
glob patterns: change "**/*.{py}" to "**/*.py" and "**/*.test.{sol}" to
"**/*.test.sol" in the .coderabbit.yaml glob list (look for the path entries
containing "**/*.{py}" and "**/*.test.{sol}" and update those string values
accordingly).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.coderabbit.yaml:
- Around line 170-186: The instructions block for path "**/*.{ts,tsx,js,jsx}"
currently contains irrelevant NextJS/React/PWA/SPA/Node.js guidance (the
"NextJS:" and many React-specific bullets) which causes spurious review noise
for this Solidity/EVM repo; remove those NextJS/React/PWA/SPA/Node.js bullets
and trim the block to only cross-cutting JS/TS concerns such as type safety
(avoid 'any', prefer "import type"), security checks, i18n, and
linting/performance guidelines so the "TypeScript:" section and its useful
bullets remain and the review engine will no longer flag unrelated client-side
best-practices for tooling/test scripts.
- Around line 153-166: The global review directives currently placed under
reviews.instructions are ignored because the reviews object forbids
additionalProperties; move that block into reviews.path_instructions using a
catch-all glob (e.g., "**/*") so the directives apply to all files, updating the
key from instructions to path_instructions and nesting the same rules under that
glob entry; locate the reviews.instructions block in .coderabbit.yaml and
replace it with an equivalent reviews.path_instructions entry containing the
same directives.

---

Nitpick comments:
In @.coderabbit.yaml:
- Line 34: The .coderabbit.yaml currently sets profile: assertive together with
request_changes_workflow: true which will both flag style-level nits and
automatically request changes on PRs; update the configuration to align intent
by either changing profile to chill if you want fewer style nit reports, or
setting request_changes_workflow: false if you want assertive visibility without
blocking merges, and document the chosen behavior so reviewers know whether
CodeRabbit should only comment (request_changes_workflow: false) or actively
block (request_changes_workflow: true).
- Line 217: Replace the redundant brace expansions in the glob patterns: change
"**/*.{py}" to "**/*.py" and "**/*.test.{sol}" to "**/*.test.sol" in the
.coderabbit.yaml glob list (look for the path entries containing "**/*.{py}" and
"**/*.test.{sol}" and update those string values accordingly).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

reviews.instructions is not a valid schema field — these global review directives will be silently ignored.

The reviews object in the CodeRabbit v2 schema has additionalProperties: false, and instructions is not among its defined properties. As a result, the entire block of global review rules (doc-quality, copyright checks, NatSpec discouragement, TODO/FIXME handling, etc.) at lines 153–166 will have no effect at runtime.

The correct way to apply global instructions to all files is via reviews.path_instructions using a catch-all glob pattern:

🛠️ Proposed fix — move global instructions into a `path_instructions` catch-all

-  # Review instructions that apply to all files
-  instructions: >-
-    - Verify that documentation and comments are free of spelling mistakes
-    - Ensure that test code is automated, comprehensive, and follows testing best practices
-    - Verify that all critical functionality is covered by tests
-    - Confirm that the code meets the project's requirements and objectives
-    - Confirm that copyright years are up-to date whenever a file is changed
-    - Point out redundant obvious comments that do not add clarity to the code
-    - Ensure that comments are concise and suggest more concise comment statements if possible
-    - Discourage usage of verbose comment styles such as NatSpec
-    - Look for code duplication
-    - Suggest code completions when:
-        - seeing a TODO comment
-        - seeing a FIXME comment

   # Custom review instructions for specific file patterns
   path_instructions:
+    # Global instructions for all files
+    - path: "**/*"
+      instructions: |
+        - Verify that documentation and comments are free of spelling mistakes
+        - Ensure that test code is automated, comprehensive, and follows testing best practices
+        - Verify that all critical functionality is covered by tests
+        - Confirm that the code meets the project's requirements and objectives
+        - Confirm that copyright years are up-to-date whenever a file is changed
+        - Point out redundant obvious comments that do not add clarity to the code
+        - Ensure that comments are concise and suggest more concise comment statements if possible
+        - Discourage usage of verbose comment styles such as NatSpec
+        - Look for code duplication
+        - Suggest code completions when seeing a TODO or FIXME comment
     # TypeScript/JavaScript files

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	instructions: >-
	- Verify that documentation and comments are free of spelling mistakes
	- Ensure that test code is automated, comprehensive, and follows testing best practices
	- Verify that all critical functionality is covered by tests
	- Confirm that the code meets the project's requirements and objectives
	- Confirm that copyright years are up-to date whenever a file is changed
	- Point out redundant obvious comments that do not add clarity to the code
	- Ensure that comments are concise and suggest more concise comment statements if possible
	- Discourage usage of verbose comment styles such as NatSpec
	- Look for code duplication
	- Suggest code completions when:
	- seeing a TODO comment
	- seeing a FIXME comment
	# Custom review instructions for specific file patterns
	path_instructions:
	# Global instructions for all files
	- path: "**/*"
	instructions: |
	- Verify that documentation and comments are free of spelling mistakes
	- Ensure that test code is automated, comprehensive, and follows testing best practices
	- Verify that all critical functionality is covered by tests
	- Confirm that the code meets the project's requirements and objectives
	- Confirm that copyright years are up-to-date whenever a file is changed
	- Point out redundant obvious comments that do not add clarity to the code
	- Ensure that comments are concise and suggest more concise comment statements if possible
	- Discourage usage of verbose comment styles such as NatSpec
	- Look for code duplication
	- Suggest code completions when seeing a TODO or FIXME comment
	# TypeScript/JavaScript files

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml around lines 153 - 166, The global review directives
currently placed under reviews.instructions are ignored because the reviews
object forbids additionalProperties; move that block into
reviews.path_instructions using a catch-all glob (e.g., "**/*") so the
directives apply to all files, updating the key from instructions to
path_instructions and nesting the same rules under that glob entry; locate the
reviews.instructions block in .coderabbit.yaml and replace it with an equivalent
reviews.path_instructions entry containing the same directives.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Next.js / React / PWA / SPA / Node.js instructions are irrelevant for an EVM smart-contracts repository.

This is IdentityTokens-EVM-Contracts — a Solidity/blockchain project. The TS/JS path instruction block enforces Next.js "use client", React PWA best practices, SPA patterns, and expo-secure-store, none of which apply here. Leaving them in will generate spurious review comments on any .ts/.js tooling or test files (e.g., Hardhat/Foundry scripts).

Consider trimming the block to only the cross-cutting concerns that actually apply (type safety, security, i18n):

✂️ Proposed trimmed TS/JS instructions

     - path: "**/*.{ts,tsx,js,jsx}"
       instructions: |
-        NextJS:
-        - Ensure that "use client" is being used
-        - Ensure that only features that allow pure client-side rendering are used
-        - NextJS best practices (including file structure, API routes, and static generation methods) are used.
-      
         TypeScript:
         - Avoid 'any', use explicit types
         - Prefer 'import type' for type imports
         - Review for significant deviations from Google JavaScript style guide. Minor style issues are not a priority
-        - The code adheres to best practices associated with React
-        - The code adheres to best practices associated with React PWA
-        - The code adheres to best practices associated with SPA
-        - The code adheres to best practices recommended by lighthouse or similar tools for performance
-        - The code adheres to best practices associated with Node.js
-        - The code adheres to best practices recommended for performance
 
         Security:
         - No exposed API keys or sensitive data
-        - Use expo-secure-store for sensitive storage
-        - Validate deep linking configurations
         - Check for common security vulnerabilities such as:
           - SQL Injection
           - XSS (Cross-Site Scripting)
           - CSRF (Cross-Site Request Forgery)
           - Insecure dependencies
           - Sensitive data exposure
 
         Internationalization:
         - User-visible strings should be externalized to resource files (i18n)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml around lines 170 - 186, The instructions block for path
"**/*.{ts,tsx,js,jsx}" currently contains irrelevant
NextJS/React/PWA/SPA/Node.js guidance (the "NextJS:" and many React-specific
bullets) which causes spurious review noise for this Solidity/EVM repo; remove
those NextJS/React/PWA/SPA/Node.js bullets and trim the block to only
cross-cutting JS/TS concerns such as type safety (avoid 'any', prefer "import
type"), security checks, i18n, and linting/performance guidelines so the
"TypeScript:" section and its useful bullets remain and the review engine will
no longer flag unrelated client-side best-practices for tooling/test scripts.