.coderabbit.yaml
132 lines (121 loc) · 4.17 KB
language: en

reviews:
  # Enable detailed reviews with context
  profile: "chill" # Options: "chill", "assertive"

  # Request changes workflow
  request_changes_workflow: true

  # Auto-reviews for pull requests
  auto_review:
    enabled: true
    drafts: false

  # Security scanning configuration
  # Verify the custom sections below (security_scanning, ai_suggestions,
  # severity, code_metrics) against the published CodeRabbit configuration
  # schema before relying on them.
  security_scanning:
    enabled: true
    scan_dependencies: true
    scan_secrets: true
    vulnerability_alerts: true
    sast_enabled: true # Static Application Security Testing

  # AI-powered suggestions
  ai_suggestions:
    enabled: true
    features:
      - code_optimization
      - security_best_practices
      - performance_improvements
      - accessibility_enhancements
      - test_coverage

  # Path-based review settings
  path_instructions:
    # Next.js Components - Focus on performance and accessibility
    - path: "app/**/*.tsx"
      instructions: |
        When reviewing Next.js components, pay special attention to:
        - Component composition and hierarchy optimization
        - Proper use of useState, useEffect, useContext, useCallback, useMemo
        - Accessibility modifiers and ARIA attributes
        - Performance implications of complex component hierarchies
        - Proper use of Server and Client Components
        - Memory management and cleanup in useEffect
        - Dark mode and theme support
        - Internationalization and localization
        - Main thread UI updates optimization
        - Component complexity (should not exceed 100-150 lines)
        - XSS prevention in component rendering
        - Content Security Policy compliance
        - Event handler security best practices
        - Secure prop validation and sanitization

    # Server Actions - Focus on security and error handling
    - path: "app/lib/actions/*.ts"
      instructions: |
        When reviewing Server Actions, check for:
        - Input validation and sanitization
        - Proper error handling and type safety
        - Security vulnerabilities
        - Database query optimization
        - Rate limiting implementation
        - Authentication and authorization checks
        - Response data structure
        - Cache invalidation strategy
        - CSRF protection implementation
        - SQL injection prevention
        - Parameter pollution protection
        - Session handling security
        - Secure error messaging
        - API endpoint hardening

    # Database and API - Focus on data integrity
    - path: "lib/supabase/*.ts"
      instructions: |
        When reviewing database and API code:
        - Check for proper error handling
        - Validate database queries
        - Ensure type safety with database operations
        - Verify authentication implementation
        - Check for proper environment variable usage
        - Review security measures
        - Validate connection management
        - Implement query parameterization
        - Check for sensitive data exposure
        - Verify access control patterns
        - Review backup procedures
        - Monitor query performance
        - Validate data encryption

    # Authentication and Authorization
    - path: "app/(auth)/**/*.tsx"
      instructions: |
        When reviewing authentication code:
        - Verify secure password handling
        - Check for proper session management
        - Check for secure cookie settings
        - Verify HTTPS enforcement
        - Review rate limiting on auth endpoints
        - Check for secure password reset flow
        - Validate JWT handling
        - Monitor for brute force protection

  # Severity levels for different types of issues
  severity:
    critical:
      - security_vulnerabilities
      - memory_leaks
      - authentication_bypass
      - data_exposure
    high:
      - performance_issues
      - security_misconfiguration
      - insecure_dependencies
    medium:
      - code_style_violations
      - accessibility_issues
      - type_safety_concerns
    low:
      - documentation_missing
      - code_duplication
      - naming_conventions

  # AI-powered code metrics
  code_metrics:
    enabled: true
    analyze:
      - cyclomatic_complexity
      - cognitive_complexity
      - maintainability_index
      - code_duplication
      - test_coverage
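The following is an added example and is not part of this repository's configuration or code. It shows what a Server Action that passes the `app/lib/actions/*.ts` checklist above looks like in practice: untrusted input is validated first, the caller is authorized before any data access, the database statement is parameterized rather than concatenated, and failures return a generic message instead of internal detail. All names (`createTask`, `Session`, `Query`, `ownerOf`) and the sample session and ownership map are assumptions constructed for illustration; it uses no framework dependencies so it runs stand-alone. `unsafeQuery` is included only as the concatenation pattern the "SQL injection prevention" item exists to catch.

```typescript
// Added example, not project code. Illustrates the Server Actions review
// checklist: validate input, check authorization, parameterize queries,
// and keep error messages generic.

// Constructed session shape; a real app would derive this from its auth layer.
export type Session = { userId: string; roles: string[] } | null;

// A parameterized statement: SQL text with placeholders and a separate
// values array. User data never becomes part of the SQL text itself.
export type Query = { text: string; values: unknown[] };

export type ActionResult =
  | { ok: true; query: Query }
  | { ok: false; error: string };

export type TaskInput = { title: string; projectId: number };

const MAX_TITLE = 120;

// Validate and normalize untrusted input before doing anything else.
// Returns a sanitized object on success or a short error string on failure.
export function validateInput(raw: unknown): TaskInput | string {
  if (typeof raw !== "object" || raw === null) return "invalid payload";
  const r = raw as Record<string, unknown>;

  if (typeof r.title !== "string") return "title must be a string";
  const title = r.title.trim();
  if (title.length === 0 || title.length > MAX_TITLE) return "title length out of range";
  // Reject control characters that have no place in a task title.
  if (/[\u0000-\u001f]/.test(title)) return "title contains control characters";

  if (typeof r.projectId !== "number" || !Number.isInteger(r.projectId) || r.projectId <= 0) {
    return "projectId must be a positive integer";
  }
  return { title, projectId: r.projectId };
}

// Authorization check: the caller must be signed in and either an admin or
// the owner of the target project. `ownerOf` stands in for a lookup the real
// app would do against its own data (constructed for this example).
export function canEditProject(
  session: Session,
  projectId: number,
  ownerOf: Map<number, string>,
): boolean {
  if (!session) return false;
  if (session.roles.includes("admin")) return true;
  return ownerOf.get(projectId) === session.userId;
}

// The Server Action itself. Order matters: validate, then authorize, then
// build the parameterized statement. Every failure path returns a generic
// message so stack traces and schema details never reach the client.
export function createTask(
  session: Session,
  raw: unknown,
  ownerOf: Map<number, string>,
): ActionResult {
  const input = validateInput(raw);
  if (typeof input === "string") return { ok: false, error: input };

  if (!canEditProject(session, input.projectId, ownerOf)) {
    return { ok: false, error: "not authorized" };
  }

  const query: Query = {
    text: "insert into tasks (project_id, title) values ($1, $2)",
    values: [input.projectId, input.title],
  };
  return { ok: true, query };
}

// Contrast: string concatenation. Even an ordinary apostrophe in the title
// corrupts the statement, which is why the checklist flags this pattern.
export function unsafeQuery(title: string, projectId: number): string {
  return `insert into tasks (project_id, title) values (${projectId}, '${title}')`;
}
```

A reviewer applying the checklist would expect to see the same three stages in any action under `app/lib/actions/`, and would flag a function that reaches the query before the validation and authorization steps, or that returns the underlying database error text to the caller.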