chore(coderabbit): add custom finishing touch recipes

Author: nanotaboada

.coderabbit.yaml

@@ -1,9 +1,11 @@
+# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
+# https://docs.coderabbit.ai/getting-started/configure-coderabbit
+
 # CodeRabbit Configuration
 # Optimized for Node.js 24 (LTS) / Express.js 5 / TypeScript project
 
 language: en-US
 early_access: true
-enable_free_tier: true
 
 reviews:
   profile: chill
@@ -23,12 +25,9 @@ reviews:
   suggested_labels: true
   auto_apply_labels: false
   suggested_reviewers: false
-  auto_assign_reviewers: false
-  in_progress_fortune: true
   poem: false
   abort_on_close: true
 
-  # Path-based review instructions for this TypeScript/Express project
   path_instructions:
     - path: "src/**/*.ts"
       instructions: |
@@ -160,7 +159,6 @@ reviews:
         - Ensure environment variables are properly set
         - Validate volume configurations for persistence
 
-  # Ignore patterns for this project
   path_filters:
     - "!**/node_modules/**"
     - "!**/dist/**"
@@ -188,56 +186,122 @@ reviews:
       enabled: true
     unit_tests:
       enabled: true
+    custom:
+      - name: "sync documentation"
+        instructions: |
+          This is a PoC/learning project targeting developers unfamiliar with the stack.
+          Documentation is a first-class concern. Review the PR changes and perform the
+          following three checks:
+
+          ## 1. Method/function docstrings
+          For every public function, method, or handler touched in the PR:
+          - If it lacks a docstring/doc comment, add one using the idiomatic format
+            for the language and framework in use.
+          - If it has one but no longer matches the current signature, parameters,
+            or behavior, update it.
+          - Docstrings should explain *why* and *what*, not just restate the signature.
+            Assume the reader is learning the language.
+
+          ## 2. README.md
+          Check whether the PR introduces or removes endpoints, changes behavior,
+          adds dependencies, or modifies how to run the project.
+          If so, update the relevant sections of README.md to reflect the current state.
+          Do not rewrite sections unrelated to the changes.
+
+          ## 3. .github/copilot-instructions.md
+          If the PR introduces patterns, conventions, or architectural decisions that
+          should guide future AI-assisted contributions, add or update the relevant
+          instructions in .github/copilot-instructions.md.
+          Focus on things a developer (or AI assistant) unfamiliar with this specific
+          stack implementation should know before writing code here.
+
+      - name: "enforce http error handling"
+        instructions: |
+          Audit all HTTP handler functions in the changed files.
+          Ensure errors return appropriate HTTP status codes (400 for bad input,
+          404 for not found, 500 for unexpected errors) and a consistent JSON error
+          body with at least a "message" field.
+          Flag handlers that return 200 on error or swallow errors silently.
+          Use idiomatic error handling patterns for the language and framework in use.
+
+      - name: "idiomatic review"
+        instructions: |
+          Review the changed files for non-idiomatic patterns given the language and
+          framework in use. Flag code that looks like it was translated from another
+          language rather than written naturally for this stack. Suggest idiomatic
+          alternatives with brief explanations. This is a PoC comparison project,
+          so idiomatic usage is a first-class concern.
+
+      - name: "verify api contract"
+        instructions: |
+          Review the changed files and verify that all HTTP endpoints (method, path,
+          request body shape, and response shape) match the project's intended REST API
+          contract. Check the README or any spec/contract file in the repo for reference.
+          Flag any deviations — missing fields, wrong status codes, inconsistent naming.
+          Do not make changes; only report findings as a comment.
 
   pre_merge_checks:
     docstrings:
       mode: warning
-      threshold: 75
+      threshold: 80
     title:
       mode: warning
       requirements: |
         - Use Conventional Commits format (feat:, fix:, chore:, docs:, test:, refactor:)
         - Keep under 80 characters
         - Be descriptive and specific
     description:
-      mode: warning
+      mode: off
     issue_assessment:
-      mode: warning
+      mode: off
 
   tools:
-    # Relevant tools for TypeScript/Node.js projects
+    # Secret scanners
+    gitleaks:
+      enabled: true
+    trufflehog:
+      enabled: true
+
+    # IaC / infrastructure
+    checkov:
+      enabled: true
+    trivy:
+      enabled: true
+    hadolint:
+      enabled: true
+
+    # General static analysis
+    semgrep:
+      enabled: true
+    opengrep:
+      enabled: true
     eslint:
       enabled: true
     oxc:
       enabled: true
     biome:
       enabled: true
-    gitleaks:
-      enabled: true
-    checkov:
-      enabled: true
-    hadolint:
+    shellcheck:
       enabled: true
+
+    # File-type linters
     yamllint:
       enabled: true
     actionlint:
       enabled: true
-    semgrep:
-      enabled: true
     markdownlint:
       enabled: true
-    github-checks:
-      enabled: true
-      timeout_ms: 120000
     dotenvLint:
       enabled: true
     checkmake:
       enabled: true
     osvScanner:
       enabled: true
-    shellcheck:
+    github-checks:
       enabled: true
-    # Disable irrelevant tools for TypeScript project
+      timeout_ms: 120000
+
+    # Disable irrelevant tools for this TypeScript project
     ruff:
       enabled: false
     swiftlint:
@@ -288,6 +352,12 @@ reviews:
       enabled: false
     fortitudeLint:
       enabled: false
+    stylelint:
+      enabled: false
+    blinter:
+      enabled: false
+    psscriptanalyzer:
+      enabled: false
 
 chat:
   art: true
@@ -300,10 +370,7 @@ knowledge_base:
   code_guidelines:
     enabled: true
     filePatterns:
-      - "CONTRIBUTING.md"
-      - "CODE_OF_CONDUCT.md"
       - ".github/copilot-instructions.md"
-      - ".cursorrules"
   learnings:
     scope: auto
   issues: