.coderabbit.yaml

# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
# CodeRabbit Pro Configuration for AI-Assisted DevOps Framework
# https://docs.coderabbit.ai/guides/review-instructions

language: "en-US"
early_access: false

tone_instructions: |
  This is an AI-Assisted DevOps Framework with comprehensive automation tools.
  Focus on shell script quality, security best practices, and DevOps automation patterns.
  Zero Technical Debt achieved - maintain A-grade ratings across all quality tools.

reviews:
  profile: "chill"
  high_level_summary: true
  poem: true
  review_status: true
  collapse_walkthrough: false
  sequence_diagrams: true

  # Abort in-progress reviews when PR is closed/merged to free up quota.
  # GH#3827: reduces wasted review cycles on PRs that are already resolved.
  abort_on_close: true

  # Auto-review settings — tuned to reduce rate-limit pressure (GH#3827).
  # When many PRs are open simultaneously, CodeRabbit's hourly commit review
  # limit is exhausted. These settings reduce the review volume per PR:
  # - auto_pause_after_reviewed_commits: pause after 3 commits (default 5)
  #   so each PR consumes fewer review slots before requiring manual resume
  # - auto_incremental_review: keep enabled so pushes get reviewed, but the
  #   pause threshold above limits how many times per PR
  # - ignore_title_keywords: skip WIP/draft-like PRs that aren't ready
  # - ignore_usernames: skip bot-authored PRs (dependabot, renovate) that
  #   have their own security review pipelines
  auto_review:
    enabled: true
    drafts: false
    auto_incremental_review: true
    auto_pause_after_reviewed_commits: 3
    ignore_title_keywords:
      - "WIP"
      - "DO NOT REVIEW"
      - "[skip review]"
    ignore_usernames:
      - "dependabot[bot]"
      - "renovate[bot]"
    labels:
      - "!no-review"

  # Request changes for critical issues — this is the setting that controls
  # whether CodeRabbit submits formal APPROVED/CHANGES_REQUESTED reviews.
  # Without this, CodeRabbit only posts comments (no formal review).
  # GH#3932: Confirmed via schema that review_status only controls status
  # messages in walkthrough comments, NOT formal review submission.
  request_changes_workflow: true

  # GH#3932: Enable commit status checks so review-bot-gate-helper.sh can
  # detect CodeRabbit activity via status API when formal reviews are missing
  # due to rate limiting. This provides a fallback signal for the merge gate.
  commit_status: true

  # Exclude certain files from review — expanded to reduce review scope
  # and conserve rate-limit budget (GH#3827).
  path_filters:
    - "!.agents/tmp/**"
    - "!.agents/memory/**"
    - "!*.log"
    - "!*.tmp"
    - "!*.lock"
    - "!package-lock.json"
    - "!yarn.lock"
    - "!pnpm-lock.yaml"
    - "!todo/tasks/*-brief.md"

  # Path-specific instructions
  path_instructions:
    - path: "providers/*.sh"
      instructions: |
        Provider helper scripts - focus on:
        - Consistent API patterns
        - Proper error handling
        - Security of credential handling
        - Input validation

    - path: ".agents/scripts/*.sh"
      instructions: |
        Automation scripts - focus on:
        - Reliability and robustness
        - Clear logging and feedback
        - Proper exit codes
        - Error recovery mechanisms

    - path: "templates/*.sh"
      instructions: |
        Template scripts - focus on:
        - Security (prompt injection protection)
        - Flexibility and reusability
        - Clear documentation
        - Safe defaults

    - path: "**/*.ts"
      instructions: |
        TypeScript files - focus on:
        - Type safety and proper typing
        - Error handling patterns
        - Clean code principles

  # Enable static analysis tools
  tools:
    shellcheck:
      enabled: true
    markdownlint:
      enabled: true
    hadolint:
      enabled: true
    actionlint:
      enabled: true
    yamllint:
      enabled: true
    gitleaks:
      enabled: true

chat:
  auto_reply: true