envilder/.coderabbit.yaml at main · macalbert/envilder · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# CodeRabbit configuration for envilder
# Multi-runtime secret management platform:
#   - TypeScript CLI + GitHub Action (core engine)
#   - .NET SDK (NuGet: Envilder)
#   - Python SDK (PyPI: envilder)
#   - Astro website (docs + marketing)
#   - AWS CDK infrastructure
# https://docs.coderabbit.ai/guides/configure-coderabbit

language: en-US

reviews:
  profile: "chill"
  request_changes_workflow: false
  high_level_summary: true
  poem: false
  review_status: true
  collapse_walkthrough: false

  path_filters:
    - "!pnpm-lock.yaml"
    - "!**/package-lock.json"
    - "!lib/**"
    - "!coverage/**"
    - "!github-action/dist/**"
    - "!**/bin/**"
    - "!**/obj/**"
    - "!**/.venv/**"
    - "!**/node_modules/**"
    - "src/**"
    - "tests/**"
    - "e2e/**"
    - "docs/**"
    - "scripts/**"
    - "examples/**"

  path_instructions:
    # TypeScript core (CLI + GHA)
    - path: "src/envilder/core/domain/**"
      instructions: |
        Pure domain layer — NO external dependencies allowed.
        Entities must be immutable. Ports are interfaces only.
        Custom errors extend DomainError.
    - path: "src/envilder/core/application/**"
      instructions: |
        Application layer — Command/Handler pattern with InversifyJS DI.
        Each feature = Command + CommandHandler pair.
        Commands have static .create() factory methods.
    - path: "src/envilder/core/infrastructure/**"
      instructions: |
        Infrastructure adapters implementing domain ports.
        Verify AWS credential handling, no hardcoded secrets.
        Check proper error handling for SDK calls.
    - path: "src/envilder/apps/**"
      instructions: |
        Entry points (CLI + GHA). Shared DI setup in shared/.
        GHA is pull-only (no push mode).
        After code changes, verify pnpm build:gha updates dist/.

    # .NET SDK
    - path: "src/sdks/dotnet/**"
      instructions: |
        .NET SDK targeting netstandard2.0 — no default interface methods,
        no File.ReadAllTextAsync with CancellationToken, no cancelable ReadToEndAsync.
        Uses Central Package Management (Directory.Packages.props).
        EditorConfig enforces tabs, _prefix for private fields, PascalCase for const/static readonly.
        ISecretProvider has sync GetSecret + async GetSecretAsync.
        Factory pattern (SecretProviderFactory.Create) — no DI container.
        Envilder static facade is the primary public API.
    - path: "tests/sdks/dotnet/**"
      instructions: |
        xUnit v3 with NSubstitute + AwesomeAssertions + AutoFixture.
        IAsyncLifetime returns ValueTask (not Task).
        Test naming: Should_Expected_When_Condition. AAA pattern with comment markers.
        No try/catch/finally in tests — use IAsyncLifetime or fixtures for cleanup.
        GlobalSuppressions.cs suppresses VSTHRD200 and CA1707 for test naming.

    # Python SDK
    - path: "src/sdks/python/**"
      instructions: |
        Python SDK using boto3 (AWS) and azure-identity (Azure).
        Synchronous API — no async/await. Protocol-based ports.
        Factory pattern (SecretProviderFactory.create).
        Envilder facade is the primary public API with fluent builder.
        Strict mypy (disallow_untyped_defs). Format: black + isort (79 cols).
        SDK public APIs SHOULD have docstrings with examples.
    - path: "tests/sdks/python/**"
      instructions: |
        pytest with Should_Expected_When_Condition naming (python_functions = ["Should_*"]).
        AAA pattern with comment markers. No docstrings except AAA markers.
        Acceptance tests use TestContainers (LocalStack for AWS, Lowkey Vault for Azure).

    # Website
    - path: "src/website/**"
      instructions: |
        Astro + pure CSS website. Dual theme (retro/light).
        i18n system with multiple locales. Check responsive design.

    # Infrastructure as Code
    - path: "src/iac/**"
      instructions: |
        AWS CDK in TypeScript. Review IAM permissions carefully.
        No overly permissive policies. Verify resource naming conventions.

    # E2E tests
    - path: "e2e/**"
      instructions: |
        End-to-end tests using TestContainers with LocalStack (AWS)
        and Lowkey Vault (Azure). Run pnpm build + pack-and-install before E2E.

  tools:
    gitleaks:
      enabled: true

  auto_review:
    enabled: true
    drafts: false
    ignore_title_keywords:
      - "wip"
      - "draft"
      - "dependabot"

  finishing_touches:
    docstrings:
      enabled: false

chat:
  auto_reply: true