# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
# Language the reviewer writes its comments in.
language: en-US
# Standing guidance for every review: keep the unsafe Win32 surface in one
# file and keep the public API Result-based.
tone_instructions: >-
  Safe Rust wrapper for Windows token privilege/elevation checks.
  Keep unsafe Win32 FFI confined to ffi.rs with SAFETY comments.
  Favor Result-based APIs with TokenPrivilegeError and return
  UnsupportedPlatform on non-Windows.
# NOTE(review): presumably opts the repository into pre-release reviewer
# features; confirm that is acceptable for a security-sensitive crate.
early_access: true
enable_free_tier: true
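# Pull-request review behaviour: summaries, labels, path scoping, pre-merge
# checks and the third-party analysers run alongside the review.
reviews:
  profile: assertive
  request_changes_workflow: true
  high_level_summary: true
  high_level_summary_placeholder: "@coderabbitai summary"
  high_level_summary_in_walkthrough: true
  auto_title_placeholder: "@coderabbitai"
  auto_title_instructions: "Generate PR/MR titles following Conventional Commits format: type(scope): description. Use types: feat, fix, docs, style, refactor, perf, test, build, ci, chore. Preferred scopes: lib, api, error, elevation, privilege, privileges, ffi, safety, security, tests, docs, book, ci, deps, release. Keep descriptions concise and action-oriented, focusing on token-privilege behavior."
  review_status: true
  commit_status: true
  fail_commit_status: false
  collapse_walkthrough: true
  changed_files_summary: true
  sequence_diagrams: true
  estimate_code_review_effort: true
  assess_linked_issues: true
  related_issues: true
  related_prs: true
  suggested_labels: true
  # Labels are applied without a human confirming them, so anything keyed on
  # "priority:high" inherits the bot's judgement.
  auto_apply_labels: true
  suggested_reviewers: true
  auto_assign_reviewers: false
  in_progress_fortune: true
  poem: true
  labeling_instructions:
    - label: "bug"
      instructions: "Apply when changes fix incorrect privilege/elevation behavior, API regressions, or runtime errors."
    - label: "enhancement"
      instructions: "Apply when changes add or expand functionality such as new constants, API capabilities, diagnostics, or tooling improvements."
    - label: "documentation"
      instructions: "Apply when changes are primarily docs-focused (README, rustdoc, mdBook, contribution or security docs)."
    - label: "question"
      instructions: "Apply when the PR primarily clarifies behavior, design choices, or usage guidance."
    - label: "help wanted"
      instructions: "Apply when follow-up work is identified and extra contributor attention would be useful."
    - label: "priority:high"
      instructions: "Apply when changes affect safety boundaries (unsafe FFI invariants), security posture, or release-blocking CI behavior."
    - label: "priority:normal"
      instructions: "Apply for routine maintenance, refactors, and standard feature work not requiring elevated urgency."
  # Include patterns, then "!" exclusions.
  # NOTE(review): tests/** and docs/** have path_instructions below but no
  # include pattern here; confirm those trees are actually reviewed.
  path_filters:
    - "src/**"
    - ".github/**"
    # NOTE(review): the release workflow is excluded from automated review.
    # Release workflows usually hold publishing credentials, so changes to
    # this file should be gated by a human reviewer - confirm that gate exists.
    - "!.github/workflows/release.yml"
    - "*.md"
    - "*.toml"
    - "*.yaml"
    - "*.yml"
    - "*.json"
    - "*.sh"
    - "justfile"
    - "!target/**"
    - "!node_modules/**"
  path_instructions:
    - path: "src/lib.rs"
      instructions: "Focus on public API design and re-exports: is_elevated(), is_privilege_enabled(), has_privilege(), enumerate_privileges(), PrivilegeInfo, TokenPrivilegeError, and privilege constants. Ensure rustdoc clearly documents errors and platform behavior."
    - path: "src/error.rs"
      instructions: "Verify TokenPrivilegeError variants are precise, user-facing messages are clear, and UnsupportedPlatform remains available for non-Windows callers."
    - path: "src/elevation.rs"
      instructions: "Review elevation detection logic and token query behavior; ensure robust error propagation and deterministic behavior across repeated calls."
    - path: "src/privilege.rs"
      instructions: "Review named privilege lookup, status checks, and privilege enumeration for correctness, stable behavior, and clear mapping to PrivilegeInfo fields."
    # The unsafe boundary of the crate: every unsafe block and HANDLE lives
    # in this file, so it gets the strictest instructions.
    - path: "src/ffi.rs"
      instructions: "All unsafe code must remain confined here. Require explicit SAFETY comments on each unsafe block, correct HANDLE ownership via RAII, and no leaked or invalid handles."
    - path: "src/**"
      instructions: "Prefer safe APIs outside ffi.rs. Validate error handling paths (no panics in library code) and maintain idiomatic Rust with explicit platform gating where needed."
    - path: "Cargo.toml"
      instructions: "Review dependency and lint configuration for this crate. Ensure windows crate usage is target-specific (cfg(windows)), thiserror is used consistently, and clippy/rust lints match project policy."
    - path: "justfile"
      instructions: "Review developer workflow tasks (fmt, clippy, nextest, coverage, security scan) for cross-platform consistency with CI expectations."
    - path: "tests/**"
      instructions: "Ensure integration tests verify Windows behavior where applicable and non-Windows UnsupportedPlatform behavior elsewhere."
    - path: "docs/**"
      instructions: "Ensure docs reflect token-privilege architecture, safety contract, and read-only security model for privilege/elevation querying."
  abort_on_close: true
  disable_cache: false
  auto_review:
    enabled: true
    auto_incremental_review: true
    # A pull request whose title contains one of these keywords is skipped.
    ignore_title_keywords: ["WIP", "draft", "do not merge"]
    labels: []
    drafts: false
    base_branches: ["main"]
    ignore_usernames: []
  finishing_touches:
    docstrings:
      enabled: true
    unit_tests:
      enabled: true
  # Every built-in check below is set to "warning", i.e. advisory.
  pre_merge_checks:
    docstrings:
      mode: warning
      threshold: 85
    title:
      mode: warning
      requirements: "Must follow Conventional Commits specification: type(scope): description. Types: feat, fix, docs, style, refactor, perf, test, build, ci, chore. Breaking changes indicated with ! in header or BREAKING CHANGE: in footer."
    description:
      mode: warning
    issue_assessment:
      mode: warning
    # NOTE(review): no mode is set on these checks, so the service default
    # applies; confirm whether unsafe-audit should block a merge, not warn.
    custom_checks:
      - name: "unsafe-audit"
        instructions: "Verify unsafe code is confined to src/ffi.rs (or platform-gated FFI modules only), each unsafe block has a clear SAFETY comment, and handle/pointer invariants are explicitly maintained."
      - name: "error-handling-check"
        instructions: "Verify public APIs return Result<_, TokenPrivilegeError>, preserve concrete source errors where relevant, and avoid panic-oriented patterns (unwrap/expect/panic) in library code."
      - name: "test-coverage-check"
        instructions: "Verify coverage for Windows and non-Windows paths, including UnsupportedPlatform stubs, invalid privilege names, and privilege enumeration/elevation consistency checks."
  # Analysers run with the review. Enabled here: markdownlint, github-checks,
  # yamllint, gitleaks, actionlint, clippy and osvScanner.
  tools:
    ast-grep:
      rule_dirs: []
      util_dirs: []
      essential_rules: true
      packages: []
    # NOTE(review): path_filters above brings *.sh files into review while
    # shellcheck stays disabled; confirm that is intended.
    shellcheck:
      enabled: false
    ruff:
      enabled: false
    markdownlint:
      enabled: true
    github-checks:
      enabled: true
      timeout_ms: 120000
    languagetool:
      enabled: false
      enabled_rules: []
      disabled_rules: []
      enabled_categories: []
      disabled_categories: []
      enabled_only: false
      level: default
    biome:
      enabled: false
    hadolint:
      enabled: false
    swiftlint:
      enabled: false
    phpstan:
      enabled: false
      level: default
    phpmd:
      enabled: false
    phpcs:
      enabled: false
    golangci-lint:
      enabled: false
    yamllint:
      enabled: true
    # Secret scanning on changed files.
    gitleaks:
      enabled: true
    checkov:
      enabled: false
    detekt:
      enabled: false
    eslint:
      enabled: false
    flake8:
      enabled: false
    rubocop:
      enabled: false
    buf:
      enabled: false
    regal:
      enabled: false
    # Lints the GitHub Actions workflows that path_filters keeps in scope.
    actionlint:
      enabled: true
    pmd:
      enabled: false
    cppcheck:
      enabled: false
    semgrep:
      enabled: false
    circleci:
      enabled: false
    clippy:
      enabled: true
    sqlfluff:
      enabled: false
    prismaLint:
      enabled: false
    pylint:
      enabled: false
    oxc:
      enabled: false
    shopifyThemeCheck:
      enabled: false
    luacheck:
      enabled: false
    brakeman:
      enabled: false
    dotenvLint:
      enabled: false
    htmlhint:
      enabled: false
    checkmake:
      enabled: false
    # Dependency vulnerability scanning.
    osvScanner:
      enabled: true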
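# Chat behaviour of the reviewer in pull-request threads.
chat:
  art: false
  # The bot answers in threads without being mentioned explicitly.
  auto_reply: true
  # Issue-tracker integrations the chat may use; "auto" leaves the decision
  # to the service.
  integrations:
    jira:
      usage: auto
    linear:
      usage: auto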
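# Context sources the reviewer may draw on beyond the diff itself.
knowledge_base:
  # NOTE(review): false keeps the knowledge-base features on, which implies
  # review data is retained by the service; confirm this matches the
  # project's data-handling policy.
  opt_out: false
  # NOTE(review): lets the reviewer bring external web content into a review;
  # treat findings sourced that way as unverified until checked.
  web_search:
    enabled: true
  code_guidelines:
    enabled: true
    filePatterns: []
  learnings:
    scope: auto
  issues:
    scope: local
  jira:
    usage: auto
    project_keys: []
  linear:
    usage: auto
    team_keys: []
  pull_requests:
    scope: local
  # NOTE(review): MCP is enabled and no server is excluded; audit which
  # servers are connected for this organisation and what they expose.
  mcp:
    usage: enabled
    disabled_servers: []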
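# Instructions for generated docstrings and unit tests.
code_generation:
  docstrings:
    language: en-US
    path_instructions:
      - path: "src/lib.rs"
        instructions: "Generate comprehensive rustdoc for the public API with examples for is_elevated() and privilege checks, explicit error semantics, and platform behavior notes."
      # Safety invariants belong in the internal FFI docs, not in the public
      # API documentation.
      - path: "src/**/*.rs"
        instructions: "Document all public items with rustdoc and include Windows/non-Windows behavior expectations. For internal FFI docs, include safety invariants without exposing unsafe details in public API docs."
  # Generated tests are suggestions; they still need review before they are
  # relied on as evidence that the privilege checks behave correctly.
  unit_tests:
    path_instructions:
      - path: "src/lib.rs"
        instructions: "Generate tests for top-level API behavior, especially UnsupportedPlatform stubs on non-Windows and stable Result semantics."
      - path: "src/**/*.rs"
        instructions: "Test error handling paths, invalid privilege-name behavior, Windows-gated privilege/elevation checks, and enumeration output expectations. Ensure no panics in library behavior."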
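# Automatic enrichment and labelling of newly opened issues.
issue_enrichment:
  auto_enrich:
    enabled: true
  planning:
    enabled: false
  labeling:
    labeling_instructions:
      - label: "bug"
        instructions: "Apply when the issue reports incorrect privilege/elevation behavior, unexpected errors, panics, or API contract regressions"
      - label: "enhancement"
        instructions: "Apply when the issue requests new privilege constants, API additions, improved diagnostics, or workflow/tooling improvements"
      - label: "documentation"
        instructions: "Apply when the issue is about rustdoc, README, mdBook pages, AGENTS.md, or other documentation"
      # Soundness and security reports are routed to the high-priority label.
      - label: "priority:high"
        instructions: "Apply when the issue involves unsafe FFI soundness, handle lifetimes, pointer/ABI assumptions, security risk, or release-blocking failures"
      - label: "question"
        instructions: "Apply when the issue asks about usage, Windows token semantics, platform support, or integration in downstream crates with forbid(unsafe_code)"
    # Labels are applied without human confirmation; issue text comes from
    # anyone who can open an issue, so triage should not rely on the label
    # alone.
    auto_apply_labels: true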