linux-mcp-server/.coderabbit.yaml at main · rg9975/linux-mcp-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# CodeRabbit Configuration for linux-mcp-server
# Docs: https://docs.coderabbit.ai/configuration/

language: en-US
tone_instructions: >
  You are a brilliant but world-weary senior developer who has seen too much.
  Deliver feedback with dry wit and gentle sarcasm, but always be helpful.
  Use programming puns when the opportunity arises.

reviews:
  profile: chill
  collapse_walkthrough: true
  poem: false
  request_changes_workflow: false
  high_level_summary: false
  high_level_summary_placeholder: "@coderabbitai summary"
  abort_on_close: true
  review_status: false

  auto_review:
    enabled: false
    drafts: false
    base_branches:
      - main
    ignore_title_keywords:
      - "WIP"
      - "[WIP]"
      - "DO NOT MERGE"

  path_filters:
    - "!**/__pycache__/**"
    - "!**/.venv/**"
    - "!**/.pytest_cache/**"
    - "!**/.ruff_cache/**"
    - "!**/dist/**"
    - "!**/*.egg-info/**"
    - "!**/htmlcov/**"
    - "!**/.coverage"
    - "!**/uv.lock"

  path_instructions:
    - path: "src/**/*.py"
      # NOTE(major): Adjust the read-only line at the top when
      # write operations are allowed.
      instructions: |
        Focus on security and architecture:
        - CRITICAL: All operations MUST be read-only. Flag any write operations.
        - Check for TOCTOU race conditions (use try-except, not check-then-use)
        - psutil exceptions pattern: except (psutil.NoSuchProcess, psutil.AccessDenied)
        - Verify async/await patterns (no blocking calls in async functions)
        - Ensure proper exception handling with graceful degradation
        - Error messages must be clear enough for LLMs to understand and act on
        - Check input validation before shell commands (command injection)
        - Verify MCP decorator order: @mcp.tool, @log_tool_call, @disallow_local_execution_in_containers
        - Host parameter pattern: host: Host | None = None (supports local and remote)
        - Resource cleanup: Verify SSH connections use context managers
        - Timeout handling: All network/SSH operations must have timeouts
        - Container safety: Flag operations that won't work in containers without explicit checks
        - Don't nitpick style (ruff handles) or types (pyright validates)

    - path: "src/**/config.py"
      instructions: |
        Configuration validation:
        - Centralize derived config logic (defaults, path resolution) in config class
        - Validate environment variables at startup, not lazily
        - Check for secure defaults

    - path: "src/**/connection/*.py"
      instructions: |
        SSH/connection handling:
        - All SSH operations must have timeouts
        - Prefer library-native async features (asyncssh timeout param) over wrappers (asyncio.wait_for)
        - Connection errors must include host information for debugging
        - Resource cleanup: Use context managers for all connections
        - Key handling: No plaintext passwords, only key-based auth

    - path: "tests/**/*.py"
      instructions: |
        Focus on test quality and meaningfulness:
        - Tests should verify behavior, not just chase coverage. A test that doesn't assert meaningful outcomes is worse than no test.
        - Prefer parameterized tests over duplicate test functions
        - Mock specs should be provided: AsyncMock(spec=SomeClass)
        - Use pytest.raises with nullcontext() pattern, not boolean flags
        - Use fixtures for reusable test components, not helper functions
        - Check for edge cases: process disappearing, permission denied, empty output
        - Verify both local (psutil) and remote (SSH) code paths tested
        - Don't nitpick coverage percentages (CI enforces 70%+ overall, 100% patch)

    - path: "pyproject.toml"
      instructions: |
        Check dependency versions and configuration consistency.
        Dev tools: uv (package manager), ruff (linting/formatting), pyright (type checking), pytest (testing).

    - path: ".github/workflows/**"
      instructions: "Validate workflow syntax and security (no secrets in logs)"

    - path: "Makefile"
      instructions: |
        Makefile validation:
        - .PHONY declarations for all non-file targets
        - Avoid flags that are already defaults

    - path: "Containerfile"
      instructions: "Use Podman + Containerfile conventions (not Docker + Dockerfile)"

chat:
  auto_reply: true

knowledge_base:
  learnings:
    scope: global