.coderabbit.yaml

# Enables IDE autocompletion for this config file
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

# Language for CodeRabbit's review comments
language: en

# Enable experimental features (currently not using any specific early_access features)
early_access: true

chat:
  # CodeRabbit will automatically respond to @coderabbitai mentions in PR comments
  auto_reply: true

issue_enrichment:
  labeling:
    auto_apply_labels: true
    labeling_instructions:
      - label: bug
        instructions: Issues reporting bugs, errors, crashes, incorrect behavior, or unexpected results. This includes runtime errors, logic errors, broken functionality, regressions, and any deviation from expected or documented behavior.
      - label: enhancement
        instructions: Feature requests, improvements to existing functionality, performance optimizations, refactoring suggestions, UI/UX enhancements, and any suggestions to make the project better or add new capabilities.
      - label: documentation
        instructions: Documentation updates, additions, corrections, or clarifications needed. This includes missing docs, outdated information, unclear instructions, API documentation, code examples, README improvements, and any requests for better explanations or guides.
  planning:
    enabled: true
    auto_planning:
      enabled: true
      labels:
        - "plan-me" # Auto-plan issues with this label
        - "feature" # Also auto-plan these
        - "!no-plan" # Never auto-plan issues with this label

reviews:
  profile: assertive # Options: chill (focuses on significant issues, less nitpicky about style), assertive (more thorough, flags style issues and minor improvements too)

  auto_review:
    # Automatically trigger reviews when PRs are opened or updated
    enabled: true
    # Skip auto-review if PR title contains these keywords
    ignore_title_keywords:
      - "WIP"
    # Don't auto-review draft PRs
    drafts: false
    # Only auto-review PRs targeting these branches
    base_branches:
      - main
      - develop

  # Include a high-level summary at the start of each review
  high_level_summary: true

  # Generate sequence diagrams for complex code flows
  sequence_diagrams: true

  # Include poems in reviews
  poem: true

  # Show review completion status
  review_status: true

  # Keep the walkthrough section expanded by default
  collapse_walkthrough: false

  # Include summary of all changed files
  changed_files_summary: true

  # Automatically request changes on the PR (just leave comments)
  request_changes_workflow: true

  # Pre-merge checks to enforce before merging PRs
  pre_merge_checks:
    description:
      # Validate that PR has a proper description
      mode: warning # Options: off, warning, error
    docstrings:
      # Disable docstring coverage checks (let's assume we don't need them)
      mode: off

  # Exclude these paths from reviews (build artifacts and dependencies)
  path_filters:
    - "!**/node_modules/**" # npm dependencies
    - "!**/android/**" # Native Android build files
    - "!**/ios/**" # Native iOS build files
    - "!**/.expo/**" # Expo build cache
    - "!**/.expo-shared/**" # Expo shared config
    - "!**/dist/**" # Build output

  # Use the following tools when reviewing
  tools:
    shellcheck:
      enabled: true
    ruff:
      enabled: true
    markdownlint:
      enabled: true
    github-checks:
      enabled: true
      timeout_ms: 90000
    languagetool:
      enabled: true
      enabled_only: false
      level: default
    biome:
      enabled: true
    hadolint:
      enabled: true
    swiftlint:
      enabled: true
    phpstan:
      enabled: true
      level: default
    golangci-lint:
      enabled: true
    yamllint:
      enabled: true
    gitleaks:
      enabled: true
    checkov:
      enabled: true
    detekt:
      enabled: true
    eslint:
      enabled: true

  # Apply the following labels to PRs
  labeling_instructions:
    - label: Python Lang
      instructions: Apply when the PR/MR contains changes to python source-code
    - label: Solidity Lang
      instructions: Apply when the PR/MR contains changes to solidity source-code
    - label: Typescript Lang
      instructions: Apply when the PR/MR contains changes to javascript or typescript source-code
    - label: Ergoscript Lang
      instructions: Apply when the PR/MR contains changes to ergoscript source-code
    - label: Bash Lang
      instructions: >-
        Apply when the PR/MR contains changes to shell-scripts or BASH code
        snippets
    - label: Make Lang
      instructions: >-
        Apply when the PR/MR contains changes to the file `Makefile` or makefile
        code snippets
    - label: Documentation
      instructions: >-
        Apply whenever project documentation (namely markdown source-code) is
        updated by the PR/MR
    - label: Linter
      instructions: >-
        Apply when the purpose of the PR/MR is related to fixing the feedback
        from a linter

  # Review instructions that apply to all files
  instructions: >-
    - Verify that documentation and comments are free of spelling mistakes
    - Ensure that test code is automated, comprehensive, and follows testing best practices
    - Verify that all critical functionality is covered by tests
    - Confirm that the code meets the project's requirements and objectives
    - Confirm that copyright years are up-to date whenever a file is changed
    - Point out redundant obvious comments that do not add clarity to the code
    - Ensure that comments are concise and suggest more concise comment statements if possible
    - Discourage usage of verbose comment styles such as NatSpec
    - Look for code duplication
    - Suggest code completions when:
        - seeing a TODO comment
        - seeing a FIXME comment

  # Custom review instructions for specific file patterns
  path_instructions:
    # TypeScript/JavaScript files
    - path: "**/*.{ts,tsx,js,jsx}"
      instructions: |
        NextJS:
        - Ensure that "use client" is being used
        - Ensure that only features that allow pure client-side rendering are used
        - NextJS best practices (including file structure, API routes, and static generation methods) are used.
      
        TypeScript:
        - Avoid 'any', use explicit types
        - Prefer 'import type' for type imports
        - Review for significant deviations from Google JavaScript style guide. Minor style issues are not a priority
        - The code adheres to best practices associated with React
        - The code adheres to best practices associated with React PWA
        - The code adheres to best practices associated with SPA
        - The code adheres to best practices recommended by lighthouse or similar tools for performance
        - The code adheres to best practices associated with Node.js
        - The code adheres to best practices recommended for performance

        Security:
        - No exposed API keys or sensitive data
        - Use expo-secure-store for sensitive storage
        - Validate deep linking configurations
        - Check for common security vulnerabilities such as:
          - SQL Injection
          - XSS (Cross-Site Scripting)
          - CSRF (Cross-Site Request Forgery)
          - Insecure dependencies
          - Sensitive data exposure

        Internationalization:
        - User-visible strings should be externalized to resource files (i18n)

    # HTML files
    - path: "**/*.html"
      instructions: |
        Review the HTML code against the google html style guide and point out any mismatches. Ensure that:
        - The code adheres to best practices recommended by lighthouse or similar tools for performance

    # CSS files
    - path: "**/*.css"
      instructions: |
        Review the CSS code against the google css style guide and point out any mismatches. Ensure that:
        - The code adheres to best practices associated with CSS.
        - The code adheres to best practices recommended by lighthouse or similar tools for performance.
        - The code adheres to similar naming conventions for classes, ids.

    # Python files
    - path: "**/*.{py}"
      instructions: |
        Python:
        - Check for major PEP 8 violations and Python best practices. 

    # Solidity Smart Contract files
    - path: "**/*.sol"
      instructions: |
        Solidity:
        - Review the Solidity contracts for security vulnerabilities and adherence to best practices.
        - Ensure immutability is used appropriately (e.g., `immutable` and `constant` where applicable).
        - Ensure there are no unbounded loops that could lead to gas exhaustion.
        - Verify correct and explicit visibility modifiers for all state variables and functions.
        - Flag variables that are declared but used only once or are unnecessary.
        - Identify potential gas optimization opportunities without compromising readability or security.
        - Verify that any modification to contract logic includes corresponding updates to automated tests.
        - Ensure failure paths and revert scenarios are explicitly handled and validated.
        - Validate proper access control enforcement (e.g., Ownable, RBAC, role checks).
        - Ensure consistent and correct event emission for all state-changing operations.
        - Confirm architectural consistency with existing contracts (no unintended storage layout changes unless clearly documented).
        - Flag major feature additions or architectural changes that were implemented without prior design discussion (if applicable).
        - Flag pull requests that mix unrelated changes or multiple concerns in a single submission.
        - Ensure security-sensitive logic changes are not introduced without adequate test coverage.
        - Review for common smart contract vulnerabilities, including but not limited to:
            - Reentrancy
            - Improper input validation
            - Access control bypass
            - Integer overflows/underflows (if using unchecked blocks)
            - Front-running risks where applicable


    # Javascript/Typescript test files
    - path: "**/*.test.{ts,tsx,js,jsx}"
      instructions: |
        Review test files for:
        - Comprehensive coverage of component behavior
        - Proper use of @testing-library/react-native
        - Async behavior is properly tested
        - Accessibility testing is included
        - Test descriptions are sufficiently detailed to clarify the purpose of each test
        - The tests are not tautological 

    # Solidity test files
    - path: "**/*.test.{sol}"
      instructions: |
        Review test files for:
        - Comprehensive coverage of contract behavior.
        - Coverage of success paths, edge cases, and failure/revert scenarios.
        - Proper validation of access control restrictions.
        - Verification of event emissions where applicable.
        - Explicit validation of state changes after each relevant function call.
        - Adequate test updates whenever contract logic is modified.
        - Deterministic behavior (tests should not rely on implicit execution order or shared mutable state).
        - Clear and descriptive test names that reflect the intended behavior being validated.


    # Asset files (images, fonts, etc.)
    - path: "assets/**/*"
      instructions: |
        Review asset files for:
        - Image optimization (appropriate size and format)
        - Proper @2x and @3x variants for different screen densities
        - SVG assets are optimized
        - Font files are licensed and optimized