Add CodeRabbit AI integration configuration

AlmostBald-TRADING · AlmostBald-TRADING · commit 391056712d5b · 2025-10-20T01:06:49.000+02:00
- Add .coderabbit.yaml with security-focused configuration
- Configure path-specific instructions for different code areas
- Add auto-approval for small, safe changes
- Include ContextForge Memory-specific review prompts
- Add comprehensive setup guide for CodeRabbit AI
- Optimize for security, performance, and code quality reviews
diff --git a/.coderabbit.yaml b/.coderabbit.yaml
@@ -0,0 +1,157 @@
+# CodeRabbit AI Configuration for ContextForge Memory
+# https://docs.coderabbit.ai/guides/code-review-best-practices/
+
+# General settings
+review:
+  # Review tone - professional but friendly
+  tone: "professional"
+  
+  # Focus on security, performance, and code quality
+  focus:
+    - "security"
+    - "performance" 
+    - "code_quality"
+    - "best_practices"
+    - "documentation"
+
+# Ignore certain files and directories
+ignore:
+  paths:
+    - "**/*.pyc"
+    - "**/__pycache__/**"
+    - "**/.pytest_cache/**"
+    - "**/node_modules/**"
+    - "**/.venv/**"
+    - "**/venv/**"
+    - "**/data/**"
+    - "**/logs/**"
+    - "**/*.log"
+    - "**/safety-results.json"
+    - "**/audit-results.json"
+    - "**/.coverage"
+    - "**/coverage.xml"
+    - "**/dist/**"
+    - "**/build/**"
+    - "**/.mypy_cache/**"
+
+# Path-specific instructions
+path_instructions:
+  # API and main application code
+  - paths: ["src/**/*.py"]
+    instructions: |
+      Focus on:
+      - API design and RESTful principles
+      - Error handling and validation
+      - Security considerations (input validation, authentication)
+      - Performance implications
+      - Type hints and documentation
+      - FastAPI best practices
+
+  # Client libraries
+  - paths: ["clients/**/*"]
+    instructions: |
+      Focus on:
+      - API client design patterns
+      - Error handling and retry logic
+      - Type safety and interfaces
+      - Documentation and examples
+      - Cross-platform compatibility
+
+  # CI/CD and workflows
+  - paths: [".github/**/*"]
+    instructions: |
+      Focus on:
+      - Security best practices
+      - Workflow efficiency
+      - Proper permissions and secrets handling
+      - Dependabot configuration
+      - Security scanning setup
+
+  # Documentation
+  - paths: ["*.md", "docs/**/*"]
+    instructions: |
+      Focus on:
+      - Clarity and completeness
+      - Up-to-date information
+      - Proper markdown formatting
+      - Security policy accuracy
+      - Contribution guidelines
+
+  # Configuration files
+  - paths: ["requirements.txt", "pyproject.toml", "*.yaml", "*.yml"]
+    instructions: |
+      Focus on:
+      - Dependency security and versions
+      - Configuration best practices
+      - Security implications
+      - Proper formatting and structure
+
+# Review behavior
+behavior:
+  # Auto-approve if no issues found and all checks pass
+  auto_approve:
+    enabled: true
+    conditions:
+      - "no_security_issues"
+      - "no_critical_issues"
+      - "ci_passes"
+      - "small_change"
+
+  # Create issues for significant problems
+  create_issues:
+    enabled: true
+    threshold: "medium"
+
+# Security focus
+security:
+  # Enhanced security scanning
+  enabled: true
+  focus:
+    - "dependency_vulnerabilities"
+    - "secrets_detection"
+    - "injection_attacks"
+    - "authentication_bypass"
+    - "data_exposure"
+
+# Performance monitoring
+performance:
+  enabled: true
+  focus:
+    - "api_response_times"
+    - "memory_usage"
+    - "database_queries"
+    - "caching_strategies"
+
+# Integration settings
+integrations:
+  # GitHub integration
+  github:
+    # Comment on PRs
+    comment_on_pr: true
+    
+    # Create issues for problems
+    create_issues: true
+    
+    # Suggest changes
+    suggest_changes: true
+
+# Custom review prompts
+custom_prompts:
+  - name: "ContextForge Memory Review"
+    prompt: |
+      You are reviewing code for ContextForge Memory, a lightweight external memory layer.
+      
+      Key considerations:
+      - This is a memory service with store, search, and embed APIs
+      - Security is critical - this handles potentially sensitive data
+      - Performance matters - it should be fast and efficient
+      - The API should be simple and intuitive
+      - Code should be well-documented and maintainable
+      
+      Pay special attention to:
+      - Input validation and sanitization
+      - Error handling and edge cases
+      - API design consistency
+      - Security vulnerabilities
+      - Performance implications
+      - Code clarity and documentation
diff --git a/CODERABBIT_SETUP.md b/CODERABBIT_SETUP.md
@@ -0,0 +1,133 @@
+# CodeRabbit AI Integration Guide
+
+## 🚀 **Optimized Setup for CodeRabbit AI**
+
+Your repository is now configured for optimal CodeRabbit AI integration!
+
+## 📋 **Branch Protection Settings for CodeRabbit**
+
+Update your branch protection settings to work with CodeRabbit AI:
+
+### **Recommended Settings:**
+1. Go to: `https://github.com/VirtualAgentics/ConextForge_memory/settings/branches`
+2. Edit the `main` branch rule
+3. Configure:
+   - ✅ **Require a pull request before merging**
+   - ✅ **Required number of reviewers**: `1` (CodeRabbit will count as 1 reviewer)
+   - ✅ **Require review from code owners**: Keep enabled
+   - ✅ **Dismiss stale PR approvals when new commits are pushed**
+   - ✅ **Require status checks to pass before merging**
+   - ✅ **Require branches to be up to date before merging**
+   - ✅ **Require conversation resolution before merging**
+
+## 🔧 **CodeRabbit Configuration**
+
+The `.coderabbit.yaml` file includes:
+
+### **Security Focus:**
+- Dependency vulnerability scanning
+- Secrets detection
+- Input validation checks
+- Authentication bypass detection
+
+### **Performance Monitoring:**
+- API response time analysis
+- Memory usage optimization
+- Database query efficiency
+- Caching strategy suggestions
+
+### **ContextForge-Specific:**
+- Memory service best practices
+- API design consistency
+- Data handling security
+- Performance optimization
+
+## 🎯 **Best Practices with CodeRabbit**
+
+### **1. Small, Focused PRs**
+- Keep PRs under 400 lines when possible
+- One feature/fix per PR
+- Clear, descriptive commit messages
+
+### **2. Use CodeRabbit Commands**
+- `@coderabbitai review` - Get review on new changes
+- `@coderabbitai explain` - Get explanation of code
+- `@coderabbitai suggest` - Get improvement suggestions
+
+### **3. Interactive Features**
+- Ask questions in PR comments
+- Request specific types of analysis
+- Get explanations for complex logic
+
+## 🔍 **What CodeRabbit Will Check**
+
+### **Security:**
+- ✅ Dependency vulnerabilities
+- ✅ Hardcoded secrets
+- ✅ SQL injection risks
+- ✅ Input validation gaps
+- ✅ Authentication issues
+
+### **Code Quality:**
+- ✅ Type hints and documentation
+- ✅ Error handling
+- ✅ Code duplication
+- ✅ Performance bottlenecks
+- ✅ Best practices
+
+### **API Design:**
+- ✅ RESTful principles
+- ✅ Consistent naming
+- ✅ Proper HTTP status codes
+- ✅ Error response format
+
+## 🚀 **Getting Started**
+
+1. **Install CodeRabbit** (if not already done):
+   - Go to: https://coderabbit.ai
+   - Connect your GitHub account
+   - Install on this repository
+
+2. **Test the Integration**:
+   - Create a small test PR
+   - Watch CodeRabbit analyze your code
+   - Try the interactive commands
+
+3. **Customize Further**:
+   - Modify `.coderabbit.yaml` as needed
+   - Add project-specific instructions
+   - Configure team preferences
+
+## 📊 **Expected Benefits**
+
+- **Faster Reviews**: Automated first-pass analysis
+- **Better Security**: Proactive vulnerability detection
+- **Improved Quality**: Consistent code standards
+- **Learning**: Get explanations and best practices
+- **Efficiency**: Focus human time on architecture and design
+
+## 🔧 **Troubleshooting**
+
+### **CodeRabbit Not Responding:**
+- Check if it's installed on the repository
+- Verify the `.coderabbit.yaml` file is committed
+- Try `@coderabbitai review` command
+
+### **Too Many Comments:**
+- Adjust the `ignore` section in `.coderabbit.yaml`
+- Use `path_instructions` to focus on specific areas
+
+### **Missing Context:**
+- Add more specific instructions in `path_instructions`
+- Use the custom prompts section
+
+## 🎉 **You're All Set!**
+
+Your repository is now optimized for CodeRabbit AI integration. The AI will provide:
+- Automated security scanning
+- Code quality analysis
+- Performance suggestions
+- Best practice recommendations
+- Interactive code explanations
+
+Happy coding with AI-powered reviews! 🚀
