chore: add standard CodeRabbit configuration file#304
Open
Muneerali199 wants to merge 1 commit intoAOSSIE-Org:mainfrom
Open
chore: add standard CodeRabbit configuration file#304Muneerali199 wants to merge 1 commit intoAOSSIE-Org:mainfrom
Muneerali199 wants to merge 1 commit intoAOSSIE-Org:mainfrom
Conversation
|
Warning Ignoring CodeRabbit configuration file changes. For security, only the configuration from the base branch is applied for open source repositories. 📝 WalkthroughWalkthroughA new Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 5
🧹 Nitpick comments (1)
.coderabbit.yaml (1)
273-280: Asset review instructions are mobile-centric for a website project.
@2xand@3xvariants are an iOS/mobile convention. For web projects, consider referencing responsive images (srcset), WebP/AVIF formats, and appropriate compression instead.Suggested update
- path: "assets/**/*" instructions: | Review asset files for: - Image optimization (appropriate size and format) - - Proper `@2x` and `@3x` variants for different screen densities + - Responsive image variants or use of modern formats (WebP, AVIF) - SVG assets are optimized - Font files are licensed and optimized🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.coderabbit.yaml around lines 273 - 280, The asset review checklist under the "assets/**/*" entry is mobile/iOS-centric (mentions `@2x` and `@3x`); update it to web-appropriate guidance by replacing references to `@2x/`@3x with responsive image practices such as using srcset and sizes, recommending modern formats (WebP/AVIF), ensuring proper compression and responsive breakpoints, confirming optimized SVGs, and verifying licensed/subsetted fonts—keep the checklist focused on web delivery, performance, and responsive behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.coderabbit.yaml:
- Around line 67-68: The inline comment for the configuration key
request_changes_workflow is misleading: it currently says "(just leave
comments)" but request_changes_workflow: true actually files a "Request Changes"
review that blocks the PR until comments are addressed then auto-approves;
update the comment next to request_changes_workflow to accurately describe this
behavior (or flip the boolean if the intended behavior was to only leave
comments) and keep the comment succinctly stating the exact effect (e.g., "when
true, submit a Request Changes review that blocks the PR until addressed, then
auto-approves").
- Around line 248-257: Update the test guidance entry that currently references
"@testing-library/react-native" to use "@testing-library/react" because this is
a web project; locate the YAML block matching the test path pattern
"**/*.test.{ts,tsx,js,jsx}" and replace the `@testing-library/react-native`
mention in the instructions with `@testing-library/react`, ensuring the rest of
the checklist (coverage, async, accessibility, descriptions, non-tautological
tests) remains unchanged.
- Around line 170-186: The instruction "Ensure that 'use client' is being used"
is too broad; change it to advise conditional use only when client-side features
are required. Replace that line with wording like: "Ensure 'use client' is added
only for components that require client-side behavior (React hooks, event
handlers, browser APIs, or stateful UI); prefer server components by default to
retain Next.js App Router performance benefits" and update the rule text in the
YAML (the string "Ensure that 'use client' is being used") accordingly so
linters/guidance will only flag true client-side needs.
- Around line 188-197: The YAML contains mobile-specific rules that don't apply
to this Next.js web project; remove references to expo-secure-store,
`@testing-library/react-native`, and `@2x/`@3x image conventions and replace them
with web-appropriate guidance: recommend httpOnly/secure/SameSite cookies or
localStorage+CSRF protections for tokens, suggest using the Web Crypto API for
sensitive operations, swap `@testing-library/react-native` for
`@testing-library/react`, and replace `@2x/`@3x image guidance with responsive image
patterns (srcset, sizes, modern formats). Update the security checklist entries
that mention "expo-secure-store", "@testing-library/react-native", and "@2x/@3x"
to these web-specific alternatives and remove any React Native-only tooling or
wording.
- Around line 152-166: The YAML contains an invalid top-level
reviews.instructions property; remove or move this block out of reviews and
instead add it under path_instructions as a catch-all entry. Specifically,
delete the reviews.instructions key and create a path_instructions item with
path: "**/*" and an instructions scalar containing the listed rules (use the
path_instructions and instructions keys so the schema accepts it). Ensure you do
not add additional top-level properties forbidden by the schema and keep the
exact instruction text under the new path_instructions.entry.
---
Nitpick comments:
In @.coderabbit.yaml:
- Around line 273-280: The asset review checklist under the "assets/**/*" entry
is mobile/iOS-centric (mentions `@2x` and `@3x`); update it to web-appropriate
guidance by replacing references to `@2x/`@3x with responsive image practices such
as using srcset and sizes, recommending modern formats (WebP/AVIF), ensuring
proper compression and responsive breakpoints, confirming optimized SVGs, and
verifying licensed/subsetted fonts—keep the checklist focused on web delivery,
performance, and responsive behavior.
Comment on lines
+67
to
+68
| # Automatically request changes on the PR (just leave comments) | ||
| request_changes_workflow: true |
There was a problem hiding this comment.
Misleading inline comment on request_changes_workflow.
The comment says "(just leave comments)" but request_changes_workflow: true does the opposite — it submits a "Request Changes" review that blocks the PR until CodeRabbit's comments are resolved, then auto-approves. This is a meaningful behavioral difference and the comment will mislead future readers.
Proposed fix
- # Automatically request changes on the PR (just leave comments)
+ # Request changes until CodeRabbit's comments are resolved, then auto-approve
request_changes_workflow: true🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.coderabbit.yaml around lines 67 - 68, The inline comment for the
configuration key request_changes_workflow is misleading: it currently says
"(just leave comments)" but request_changes_workflow: true actually files a
"Request Changes" review that blocks the PR until comments are addressed then
auto-approves; update the comment next to request_changes_workflow to accurately
describe this behavior (or flip the boolean if the intended behavior was to only
leave comments) and keep the comment succinctly stating the exact effect (e.g.,
"when true, submit a Request Changes review that blocks the PR until addressed,
then auto-approves").
Comment on lines
+152
to
+166
| # Review instructions that apply to all files | ||
| instructions: >- | ||
| - Verify that documentation and comments are free of spelling mistakes | ||
| - Ensure that test code is automated, comprehensive, and follows testing best practices | ||
| - Verify that all critical functionality is covered by tests | ||
| - Confirm that the code meets the project's requirements and objectives | ||
| - Confirm that copyright years are up-to date whenever a file is changed | ||
| - Point out redundant obvious comments that do not add clarity to the code | ||
| - Ensure that comments are concise and suggest more concise comment statements if possible | ||
| - Discourage usage of verbose comment styles such as NatSpec | ||
| - Look for code duplication | ||
| - Suggest code completions when: | ||
| - seeing a TODO comment | ||
| - seeing a FIXME comment | ||
|
|
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
CodeRabbit .coderabbit.yaml schema reviews instructions field
💡 Result:
In the .coderabbit.yaml schema v2, there isn’t a single reviews.instructions field. Instead, “instructions” appears in several nested review settings (all under reviews:), notably:
reviews.path_instructions[].instructions: string, max length 20000 (path-specific review guidance) [1]reviews.labeling_instructions[].instructions: string, max length 3000 (when to suggest a given PR label) [1]reviews.pre_merge_checks.custom_checks[].instructions: string, max length 10000 (deterministic pass/fail criteria for a custom pre-merge check) [1]
Example:
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
reviews:
path_instructions:
- path: "**/*.ts"
instructions: "Prefer functional patterns; ensure strict null checks."
labeling_instructions:
- label: "frontend"
instructions: "Apply when PR changes React/UI code."
pre_merge_checks:
custom_checks:
- name: "No TODOs"
mode: "error"
instructions: "Fail if any added/modified line contains 'TODO'."Source: CodeRabbit “Configuration reference” (auto-generated from the schema; last updated 2026-02-11) [1]
[1] https://docs.coderabbit.ai/reference/configuration/
🏁 Script executed:
# Search for any schema definitions or documentation in the repository
find . -type f -name "*.json" -o -name "*.yaml" -o -name "*.yml" -o -name "*.md" | grep -E "(schema|config)" | head -20Repository: AOSSIE-Org/Resonate-Website
Length of output: 136
🏁 Script executed:
# Search for references to 'reviews' and 'instructions' in the codebase
rg "reviews:" --type yaml -A 5 | head -50Repository: AOSSIE-Org/Resonate-Website
Length of output: 453
instructions is not a recognized property under reviews in the schema.
The CodeRabbit schema v2 does not include a top-level reviews.instructions field. The instructions property is only valid within nested structures such as path_instructions[], labeling_instructions[], and pre_merge_checks.custom_checks[]. Since reviews has additionalProperties: false, this field will be silently ignored by CodeRabbit, and your intended review instructions won't be applied.
To apply these instructions globally, move them to path_instructions with a catch-all glob pattern:
Proposed fix
path_instructions:
# General review instructions for all files
- path: "**/*"
instructions: |
- Verify that documentation and comments are free of spelling mistakes
- Ensure that test code is automated, comprehensive, and follows testing best practices
- Verify that all critical functionality is covered by tests
- Confirm that the code meets the project's requirements and objectives
- Confirm that copyright years are up-to date whenever a file is changed
- Point out redundant obvious comments that do not add clarity to the code
- Ensure that comments are concise and suggest more concise comment statements if possible
- Discourage usage of verbose comment styles such as NatSpec
- Look for code duplication
- Suggest code completions when:
- seeing a TODO comment
- seeing a FIXME comment🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.coderabbit.yaml around lines 152 - 166, The YAML contains an invalid
top-level reviews.instructions property; remove or move this block out of
reviews and instead add it under path_instructions as a catch-all entry.
Specifically, delete the reviews.instructions key and create a path_instructions
item with path: "**/*" and an instructions scalar containing the listed rules
(use the path_instructions and instructions keys so the schema accepts it).
Ensure you do not add additional top-level properties forbidden by the schema
and keep the exact instruction text under the new path_instructions.entry.
Comment on lines
+170
to
+186
| - path: "**/*.{ts,tsx,js,jsx}" | ||
| instructions: | | ||
| NextJS: | ||
| - Ensure that "use client" is being used | ||
| - Ensure that only features that allow pure client-side rendering are used | ||
| - NextJS best practices (including file structure, API routes, and static generation methods) are used. | ||
|
|
||
| TypeScript: | ||
| - Avoid 'any', use explicit types | ||
| - Prefer 'import type' for type imports | ||
| - Review for significant deviations from Google JavaScript style guide. Minor style issues are not a priority | ||
| - The code adheres to best practices associated with React | ||
| - The code adheres to best practices associated with React PWA | ||
| - The code adheres to best practices associated with SPA | ||
| - The code adheres to best practices recommended by lighthouse or similar tools for performance | ||
| - The code adheres to best practices associated with Node.js | ||
| - The code adheres to best practices recommended for performance |
There was a problem hiding this comment.
"use client" instruction is overly broad and counterproductive for Next.js.
Line 173 says "Ensure that 'use client' is being used" — this will flag every server component as needing "use client", which is incorrect. In the Next.js App Router, components are server components by default, and "use client" should only be added when client-side features (hooks, event handlers, browser APIs) are actually needed. Blanket enforcement undermines one of Next.js's core performance optimizations.
Consider rephrasing to guide correct usage rather than blanket enforcement.
Suggested wording
NextJS:
- - Ensure that "use client" is being used
- - Ensure that only features that allow pure client-side rendering are used
+ - Ensure that "use client" is only added to components that require client-side features (hooks, event handlers, browser APIs)
+ - Prefer server components by default; only opt into client rendering when necessary
- NextJS best practices (including file structure, API routes, and static generation methods) are used.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| - path: "**/*.{ts,tsx,js,jsx}" | |
| instructions: | | |
| NextJS: | |
| - Ensure that "use client" is being used | |
| - Ensure that only features that allow pure client-side rendering are used | |
| - NextJS best practices (including file structure, API routes, and static generation methods) are used. | |
| TypeScript: | |
| - Avoid 'any', use explicit types | |
| - Prefer 'import type' for type imports | |
| - Review for significant deviations from Google JavaScript style guide. Minor style issues are not a priority | |
| - The code adheres to best practices associated with React | |
| - The code adheres to best practices associated with React PWA | |
| - The code adheres to best practices associated with SPA | |
| - The code adheres to best practices recommended by lighthouse or similar tools for performance | |
| - The code adheres to best practices associated with Node.js | |
| - The code adheres to best practices recommended for performance | |
| - path: "**/*.{ts,tsx,js,jsx}" | |
| instructions: | | |
| NextJS: | |
| - Ensure that "use client" is only added to components that require client-side features (hooks, event handlers, browser APIs) | |
| - Prefer server components by default; only opt into client rendering when necessary | |
| - NextJS best practices (including file structure, API routes, and static generation methods) are used. | |
| TypeScript: | |
| - Avoid 'any', use explicit types | |
| - Prefer 'import type' for type imports | |
| - Review for significant deviations from Google JavaScript style guide. Minor style issues are not a priority | |
| - The code adheres to best practices associated with React | |
| - The code adheres to best practices associated with React PWA | |
| - The code adheres to best practices associated with SPA | |
| - The code adheres to best practices recommended by lighthouse or similar tools for performance | |
| - The code adheres to best practices associated with Node.js | |
| - The code adheres to best practices recommended for performance |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.coderabbit.yaml around lines 170 - 186, The instruction "Ensure that 'use
client' is being used" is too broad; change it to advise conditional use only
when client-side features are required. Replace that line with wording like:
"Ensure 'use client' is added only for components that require client-side
behavior (React hooks, event handlers, browser APIs, or stateful UI); prefer
server components by default to retain Next.js App Router performance benefits"
and update the rule text in the YAML (the string "Ensure that 'use client' is
being used") accordingly so linters/guidance will only flag true client-side
needs.
Comment on lines
+188
to
+197
| Security: | ||
| - No exposed API keys or sensitive data | ||
| - Use expo-secure-store for sensitive storage | ||
| - Validate deep linking configurations | ||
| - Check for common security vulnerabilities such as: | ||
| - SQL Injection | ||
| - XSS (Cross-Site Scripting) | ||
| - CSRF (Cross-Site Request Forgery) | ||
| - Insecure dependencies | ||
| - Sensitive data exposure |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# First, let's find and read the .coderabbit.yaml file to verify the content at the mentioned lines
fd -t f ".coderabbit.yaml" --max-depth 3
# Check the line count first
wc -l .coderabbit.yaml
# Show lines 185-200 to verify the context
echo "=== Lines 185-200 ==="
sed -n '185,200p' .coderabbit.yaml
# Show lines 250-260 to check line 253
echo "=== Lines 250-260 ==="
sed -n '250,260p' .coderabbit.yaml
# Show lines 275-285 to check line 278
echo "=== Lines 275-285 ==="
sed -n '275,285p' .coderabbit.yamlRepository: AOSSIE-Org/Resonate-Website
Length of output: 1523
🏁 Script executed:
#!/bin/bash
# Check the package.json to determine project type
fd -t f "package.json" --max-depth 2 -exec cat {} \;Repository: AOSSIE-Org/Resonate-Website
Length of output: 258
🏁 Script executed:
#!/bin/bash
# Read package.json to check project dependencies
cat package.jsonRepository: AOSSIE-Org/Resonate-Website
Length of output: 463
Mobile-specific instructions in code review configuration for a web project.
This repository is "Resonate-Website" — a Next.js web project (dependencies: next@16.1.1, react@19.2.3, react-dom@19.2.3). The .coderabbit.yaml file contains mobile-specific instructions that don't apply:
- Line 190:
expo-secure-storeis a React Native/Expo package unavailable in browsers - Line 253:
@testing-library/react-nativeis for React Native only (should use@testing-library/react) - Line 278:
@2xand@3ximage variants are iOS conventions (web uses responsive images/srcset)
These instructions appear to come from a generic template and should be replaced with web-appropriate guidance (e.g., httpOnly cookies for tokens, Web Crypto API for sensitive operations, responsive image patterns).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.coderabbit.yaml around lines 188 - 197, The YAML contains mobile-specific
rules that don't apply to this Next.js web project; remove references to
expo-secure-store, `@testing-library/react-native`, and `@2x/`@3x image conventions
and replace them with web-appropriate guidance: recommend
httpOnly/secure/SameSite cookies or localStorage+CSRF protections for tokens,
suggest using the Web Crypto API for sensitive operations, swap
`@testing-library/react-native` for `@testing-library/react`, and replace `@2x/`@3x
image guidance with responsive image patterns (srcset, sizes, modern formats).
Update the security checklist entries that mention "expo-secure-store",
"@testing-library/react-native", and "@2x/@3x" to these web-specific
alternatives and remove any React Native-only tooling or wording.
Comment on lines
+248
to
+257
| # Javascript/Typescript test files | ||
| - path: "**/*.test.{ts,tsx,js,jsx}" | ||
| instructions: | | ||
| Review test files for: | ||
| - Comprehensive coverage of component behavior | ||
| - Proper use of @testing-library/react-native | ||
| - Async behavior is properly tested | ||
| - Accessibility testing is included | ||
| - Test descriptions are sufficiently detailed to clarify the purpose of each test | ||
| - The tests are not tautological |
There was a problem hiding this comment.
Test instructions reference @testing-library/react-native — likely should be @testing-library/react for a web project.
Suggested fix
- path: "**/*.test.{ts,tsx,js,jsx}"
instructions: |
Review test files for:
- Comprehensive coverage of component behavior
- - Proper use of `@testing-library/react-native`
+ - Proper use of `@testing-library/react`
- Async behavior is properly tested
- Accessibility testing is included🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.coderabbit.yaml around lines 248 - 257, Update the test guidance entry that
currently references "@testing-library/react-native" to use
"@testing-library/react" because this is a web project; locate the YAML block
matching the test path pattern "**/*.test.{ts,tsx,js,jsx}" and replace the
`@testing-library/react-native` mention in the instructions with
`@testing-library/react`, ensuring the rest of the checklist (coverage, async,
accessibility, descriptions, non-tautological tests) remains unchanged.
10 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds the standard .coderabbit.yaml from the AOSSIE Template-Repo to align CodeRabbit settings across org repos. This is a low-risk config-only change; requesting a quick review and merge if everything looks good.
Summary by CodeRabbit