Merged
Changes from 3 commits
182 changes: 182 additions & 0 deletions .coderabbit.yaml
@@ -0,0 +1,182 @@
# .coderabbit.yaml
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

language: "en-US"
early_access: false
focus: "balanced"

reviews:
profile: "assertive"
request_changes_workflow: false

high_level_summary: true
high_level_summary_in_walkthrough: true
review_status: true
review_details: true
commit_status: true
fail_commit_status: false

poem: false
in_progress_fortune: false
sequence_diagrams: false
estimate_code_review_effort: true
changed_files_summary: true

path_filters:
# Ignore generated / vendored / build output.
- "!vendor/**"
- "!bin/**"
- "!dist/**"
- "!build/**"
- "!coverage/**"
- "!tmp/**"

# Ignore common generated Go files unless you want generated code reviewed.
- "!**/*.pb.go"
- "!**/*_generated.go"
- "!**/mock_*.go"
- "!**/*_mock.go"

# Ignore lock / noise files if present.
- "!package-lock.json"
- "!pnpm-lock.yaml"
- "!yarn.lock"

path_instructions:
- path: "**/*.go"
instructions: >
Review as production Go code. Prioritize correctness, race conditions,
goroutine leaks, context cancellation, timeout handling, error wrapping,
nil-pointer risks, resource cleanup, defer placement, API compatibility,
interface design, dependency boundaries, and testability. Avoid generic
style comments when gofmt/golangci-lint already covers the issue.

- path: "cmd/**"
instructions: >
Focus on CLI/service entrypoint behavior: signal handling, graceful
shutdown, context propagation, configuration parsing, environment
variables, logging setup, exit codes, and backwards compatibility of
flags or command output.

- path: "internal/**"
instructions: >
Focus on package boundaries, hidden coupling, unexported API design,
concurrency safety, deterministic behavior, and whether logic belongs
in this internal package.

- path: "pkg/**"
instructions: >
Treat exported identifiers as public API. Flag breaking changes,
ambiguous contracts, missing error semantics, poor interface boundaries,
and changes that make downstream usage harder.

- path: "**/*_test.go"
instructions: >
Review tests for meaningful assertions, table-driven coverage, race-prone
tests, t.Parallel misuse, nondeterminism, leaked goroutines, real network
or filesystem dependencies, fragile sleeps, and missing edge cases.
Prefer testing observable behavior over implementation details.

- path: "**/go.mod"
instructions: >
Review dependency changes for unnecessary additions, major-version
upgrades, replace directives, indirect dependency churn, and module path
correctness.

- path: "**/go.sum"
instructions: >
Flag suspicious dependency churn, unexpected transitive dependency
explosions, or changes inconsistent with go.mod.

- path: ".github/workflows/**"
instructions: >
Review CI changes for Go version consistency, caching correctness,
reproducibility, permissions minimization, race detector usage where
appropriate, and whether tests/linting actually run on pull requests.

- path: "Dockerfile"
instructions: >
Review for small/reproducible Go builds, multi-stage build correctness,
non-root runtime users, static binary assumptions, CA certificates,
exposed ports, and unnecessary build secrets in image layers.

slop_detection:
enabled: true
label: "slop"

auto_review:
enabled: true
auto_incremental_review: true
auto_pause_after_reviewed_commits: 5
drafts: false
ignore_title_keywords:
- "WIP"
- "DO NOT REVIEW"
- "NO REVIEW"

finishing_touches:
docstrings:
enabled: false
unit_tests:
enabled: false
simplify:
enabled: false

pre_merge_checks:
title:
mode: "warning"
requirements: >
PR title should be concise and describe the user-visible or technical
change. Prefer conventional prefixes such as fix:, feat:, refactor:,
test:, docs:, chore:, or ci:.
description:
mode: "warning"
custom_checks:
- name: "No secrets"
mode: "warning"
instructions: >
Fail only if the PR appears to introduce hardcoded credentials,
API keys, tokens, private keys, passwords, production secrets,
or sensitive internal URLs.

- name: "Context propagation"
mode: "warning"
instructions: >
For server, CLI, worker, or network code, check that context.Context
is propagated correctly, cancellation is respected, and new goroutines
cannot leak indefinitely.

- name: "No accidental public API break"
mode: "warning"
instructions: >
For changes under pkg/** or exported Go identifiers, warn if the PR
changes exported types, function signatures, error behavior, JSON
fields, CLI flags, config keys, or documented behavior without clearly
explaining the compatibility impact.

tools:
github-checks:
enabled: true
timeout_ms: 90000

golangci-lint:
enabled: true
config_file: ".golangci.yml"

gitleaks:
enabled: true

actionlint:
enabled: true

shellcheck:
enabled: true

hadolint:
enabled: true

markdownlint:
enabled: true

chat:
auto_reply: true
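Review bot: The "No secrets" entry under pre_merge_checks.custom_checks is set to mode: "warning", but its instructions open with "Fail only if the PR appears to introduce hardcoded credentials", so the wording and the enforcement level disagree and a PR that adds a credential would only draw a warning. request_changes_workflow: false and fail_commit_status: false are also set in this file, so none of the settings visible here turns such a finding into a blocking result. Either raise this one check to a blocking mode or reword the instructions to match a warning, and say in the PR description whether gitleaks under tools is meant to be the enforcing control.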
8 changes: 4 additions & 4 deletions Makefile
Expand Up @@ -7,13 +7,13 @@ help:
@echo "Targets:"
@echo " make quality-checks - gofmt, go mod tidy (no drift), go build, go vet, guard scripts, archtest; mod verify in CI or with LIP_VERIFY_MODULE_CACHE=1"
@echo " make regex-hotpath-check - forbid regexp.MustCompile in frontends/runtime (see scripts/)"
@echo " make test - quality-checks then full unit tests"
@echo " make test - quality-checks, full unit tests, and conformance parity checks"
@echo " make test-fast - quality-checks then tests for staged packages (or all)"
@echo " make test-unit - go test $(GO_TEST_FLAGS) ./... (excludes //go:build precommit tests)"
@echo " make test-precommit-extra - hygiene + executor matrices (-tags=precommit; also in pre-commit hook + CI)"
@echo " make test-race - race scan (skipped on Windows; macOS/Linux: scripts/race-check.sh)"
@echo " make test-fuzz - short fuzz smoke (FUZZTIME=500ms locally; CI uses 6s per target in .github/workflows/qa.yml)"
@echo " make parity-checks - conformance package tests only (-tags=integration; FE×BE matrix + parity suites; see docs/conformance-matrix-evidence.md)"
@echo " make parity-checks - conformance package tests only (-tags=precommit,integration; FE×BE matrix + parity suites; see docs/conformance-matrix-evidence.md)"
@echo " make release-gates - conformance package + all critical fuzz targets (race is separate: test-race / CI; see docs/release-gates.md)"
@echo " make bench - benchmarks (testkit, stream, core runtime/routing/diag, frontend encoders)"
@echo " make qa - quality-checks + one full test pass (-tags=precommit,integration) + lint + vuln (local)"
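Review bot: The updated help line for make test says "quality-checks, full unit tests, and conformance parity checks" but does not mention that the parity step runs with -tags=precommit,integration, while the test-unit line just below it still reads "excludes //go:build precommit tests". A reader of the help output cannot tell that make test now builds precommit- and integration-tagged tests for the conformance package. Suggest naming the tags on the make test line, as the parity-checks and qa lines already do.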
Expand All @@ -35,7 +35,7 @@ else
@bash scripts/regex-hotpath-check.sh
endif

test: quality-checks test-unit
test: quality-checks test-unit parity-checks

test-fast: quality-checks
ifeq ($(OS),Windows_NT)
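Review bot: Adding parity-checks to the prerequisites of test means the conformance package is tested twice in one make test run: per the help text, test-unit runs go test over ./..., which covers ./internal/testkit/conformance/..., and parity-checks then runs that package again with -tags=precommit,integration. If the repeat is intended, a comment above the target should say so; otherwise consider excluding the conformance package from one of the two steps so the untagged tests there are not run twice.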
Expand Down Expand Up @@ -92,7 +92,7 @@ test-fuzz:
$(GO) test -fuzz=FuzzHookMutationValidators$$ -fuzztime=$(FUZZTIME) -run=^$$ ./internal/core/hooks

parity-checks:
$(GO) test $(GO_TEST_FLAGS) -tags=integration ./internal/testkit/conformance/...
$(GO) test $(GO_TEST_FLAGS) -tags=precommit,integration ./internal/testkit/conformance/...

release-gates:
$(GO) test $(GO_TEST_FLAGS) -tags=integration ./internal/testkit/conformance/...
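Review bot: The release-gates recipe in the trailing context still runs the same ./internal/testkit/conformance/... path with -tags=integration only, so after this change parity-checks and release-gates build different sets of tests for the same package, and any precommit-tagged conformance tests are skipped at the release gate. Suggest moving release-gates to -tags=precommit,integration as well, or defining the tag list once in a variable that both recipes use; if the difference is deliberate, document it in docs/release-gates.md.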