ci: Add CodeRabbit configuration

[DaveSkender]

No description provided.

[Copilot]

Pull Request Overview

This PR adds a comprehensive CodeRabbit configuration file to customize automated code review behavior for the repository.

• Configures CodeRabbit with a "chill" review profile and auto-review enabled
• Sets up extensive path filters to exclude generated files, dependencies, and build artifacts
• Enables multiple security and linting tools (gitleaks, semgrep, osvScanner, markdownlint, yamllint, actionlint, shellcheck)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new .coderabbit.yaml configuration that defines automated review behavior and tooling. Key facts: language en-US, early_access enabled, auto_review enabled for all base branches, and Conventional Commits-style PR title templates and constraints. Pre-merge checks set title to warning; docstrings, description, and issue assessment disabled. Path include/exclude patterns expanded to cover many generated and cache files. Multiple scanners and linters are explicitly enabled or disabled, and knowledge-base/code-guideline settings are configured.

Pre-merge checks

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title "ci: Add CodeRabbit configuration" directly and clearly summarizes the main change, which is the addition of a new .coderabbit.yaml configuration file for automated review tooling. The title uses proper conventional commit formatting with the ci: prefix, is concise and specific without vague terms or unnecessary noise, and would allow teammates to understand the primary change when scanning commit history. The title accurately reflects the changeset content and primary objective.

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4cd7cb0 and 71b827d.

📒 Files selected for processing (1)

• .coderabbit.yaml (1 hunks)

🔇 Additional comments (6)

.coderabbit.yaml (6)

1-9: Configuration structure and previous issues resolved.

Both issues from the previous review have been corrected:

• Line 78: title.mode is now warning (not 'on')
• Line 90: vendor filter comment is now complete and descriptive

The file is well-structured with clear sections and comprehensive inline documentation.

---

39-60: Thoughtful auto-title instructions.

The auto_title_instructions provide clear, actionable guidance with concrete examples for Conventional Commits format. The requirements section effectively constrains title generation to maintainable standards (length ≤ 65 characters, lowercase types, imperative mood).

---

70-78: Pre-merge checks configuration is schema-compliant.

All modes (off for docstrings/description/issue_assessment, warning for title) are valid enum values per the CodeRabbit schema. The choice to use off for three checks and warning for titles reflects an intentional review posture.

---

81-96: Path filters are comprehensive and well-commented.

The exclusions (node_modules, lock files, build outputs, cache directories, generated files, etc.) are sensible for a broad repository. The base pattern ** combined with negations provides good coverage without manual path enumeration.

---

98-134: Tool selection is intentional and justified.

Enabling gitleaks, semgrep, osvScanner, markdownlint, yamllint, actionlint, and shellcheck while disabling eslint, ruff, golangci-lint, hadolint, and others suggests a deliberate focus aligned to this organization's tech stack and linting philosophy. The github-checks timeout of 400s (6.67 minutes) is within schema limits and reasonable for external integrations.

---

136-152: Knowledge base configuration is well-targeted.

Enabling code guidelines with explicit filePatterns (copilot-instructions, agents.md, etc.) and setting learnings/issues/pull_requests to auto scope enables smart knowledge reuse while respecting public/private repository boundaries.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bcd8fb5 and 4cd7cb0.

📒 Files selected for processing (1)

• .coderabbit.yaml (1 hunks)

🔇 Additional comments (1)

.coderabbit.yaml (1)

1-160: Configuration is well-structured overall.

The configuration comprehensively covers reviews, auto-titling, pre-merge checks, file filtering, tool integrations, and knowledge base settings. Once the enum validation error on line 79 is corrected, the configuration should validate successfully against the schema.

[DaveSkender]

Unneeded, added it to a new coderabbit repo instead