Add CodeRabbit configuration file (.coderabbit.yaml)

[anshulchikhale30-p]

Summary

This PR adds the standardized .coderabbit.yaml configuration file from the AOSSIE Template Repository.

Purpose

• Enables consistent automated review behavior
• Discourages verbose or boilerplate comments
• Encourages concise, high-quality documentation
• Aligns this repository with organization-wide standards

Summary by CodeRabbit

• Chores
  • Configured comprehensive automated code review system with AI-powered issue labeling and auto-planning. Enabled automated pull request reviews featuring pre-merge validation, code quality checks, and language-specific review guidelines. Integrated development tools and linters to standardize code practices, enhance consistency, and streamline the code review workflow across the project.

[coderabbitai]

Warning

Ignoring CodeRabbit configuration file changes. For security, only the configuration from the base branch is applied for open source repositories.

Walkthrough

A new .coderabbit.yaml configuration file is added (+280 lines) enabling IDE autocompletion and comprehensive review automation. It configures global settings, issue enrichment, automated reviews, pre-merge checks, path filters, code analysis tools, and language-specific review instructions across multiple domains.

Changes

Cohort / File(s)	Summary
Configuration & Review Setup .coderabbit.yaml	Added comprehensive CodeRabbit configuration file defining global settings, issue labeling/planning, review automation profiles, pre-merge checks, tool integrations (shellcheck, ruff, markdownlint, linters, security tools), and language-specific review instructions for TypeScript, JavaScript, Python, Solidity, Bash, HTML/CSS, and asset handling.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

Documentation, Linter

Poem

🐰 A config so grand, with wisdom to share,
Reviews now automate with meticulous care,
From Python to Solidity, each tongue now speaks clear,
IDE hints bloom bright, the future is near! ✨

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and directly summarizes the main change: adding a CodeRabbit configuration file. It is concise, specific, and accurately reflects the primary purpose of the pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.coderabbit.yaml:
- Around line 217-220: The glob pattern "**/*.{py}" uses redundant
single-element brace expansion; update the pattern string used in the YAML (the
value currently set to "**/*.{py}") to a simpler equivalent "**/*.py" wherever
it appears so the Python file matching is clearer and consistent (look for the
pattern value in the YAML mapping under the Python instructions).
- Around line 170-173: The "Ensure that 'use client' is being used" rule is too
broad when applied to path "**/*.{ts,tsx,js,jsx}"; narrow the target so it only
checks actual Next.js client components (for example change the path to
something like "app/**/*.{tsx,jsx}" or "components/**/*.{tsx,jsx}") and exclude
server-only files (api routes, utils, scripts, tests) by adding explicit exclude
globs or separate rules for server-side patterns; update the rule block in
.coderabbit.yaml (the instructions entry that currently targets
"**/*.{ts,tsx,js,jsx}") to limit scanning to client component locations or add
an allowlist/exclude to avoid false positives.
- Around line 67-68: The inline note saying "just leave comments" is misleading
because request_changes_workflow: true actually posts GitHub "Request Changes"
reviews (which can block merges when combined with error pre-merge checks) and
interacts with the assertive profile; so either change request_changes_workflow
to false if you want advisory-only behavior, or update the comment next to the
request_changes_workflow setting to accurately state that enabling it will
submit formal "Request Changes" reviews and may block PRs when error-mode checks
or assertive behavior are enabled.
- Around line 259-271: The glob pattern "**/*.test.{sol}" does not match
Foundry-style Solidity tests; replace that entry so it matches files like
"Counter.t.sol" (e.g., change the pattern to "**/*.t.sol" or add a pattern for
"**/*.t.sol" instead of "**/*.test.{sol}") so Foundry test files are picked up;
update the pattern string in the .coderabbit.yaml section that currently
contains "**/*.test.{sol}".
- Around line 153-165: The YAML has an invalid top-level key
reviews.instructions which will be ignored; move that freestanding instructions
string into a catch-all entry under reviews.path_instructions (e.g., add a path:
"**" entry with the instructions text) so the directives are applied globally,
and remove or scope the line that discourages "NatSpec" to non-Solidity paths
(or delete that discouragement) so NatSpec remains allowed for .sol files;
reference the reviews.instructions key, reviews.path_instructions section, and
the NatSpec/.sol guidance when making the change.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Misleading comment — request_changes_workflow: true does more than "just leave comments"

The inline comment contradicts the setting's actual effect. With request_changes_workflow: true, CodeRabbit submits GitHub's formal "Request Changes" review status on PRs with open issues — not just passive comments. If the request-changes workflow is enabled, error mode pre-merge checks can block the PR until the check passes. More broadly, this also means CodeRabbit will auto-approve only once all its own comments are resolved. Combined with the assertive profile, this can become an aggressive gate on every PR.

If the intent is just to post advisory comments without gating merges, set this to false (the default).

⚙️ Suggested correction

-  # Automatically request changes on the PR (just leave comments)
-  request_changes_workflow: true
+  # Enables GitHub "Request Changes" status; CodeRabbit will block merges until its comments are resolved.
+  # Set to false if you only want advisory comments without blocking merges.
+  request_changes_workflow: false

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Automatically request changes on the PR (just leave comments)
	request_changes_workflow: true
	# Enables GitHub "Request Changes" status; CodeRabbit will block merges until its comments are resolved.
	# Set to false if you only want advisory comments without blocking merges.
	request_changes_workflow: false

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml around lines 67 - 68, The inline note saying "just leave
comments" is misleading because request_changes_workflow: true actually posts
GitHub "Request Changes" reviews (which can block merges when combined with
error pre-merge checks) and interacts with the assertive profile; so either
change request_changes_workflow to false if you want advisory-only behavior, or
update the comment next to the request_changes_workflow setting to accurately
state that enabling it will submit formal "Request Changes" reviews and may
block PRs when error-mode checks or assertive behavior are enabled.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

CodeRabbit coderabbit.yaml schema v2 reviews.instructions field specification

💡 Result:

reviews.instructions is not a valid field in CodeRabbit’s .coderabbit.yaml schema v2 (it does not exist under the reviews object in schema.v2.json).[1][2]

To provide “review instructions” in schema v2, use one of these instead:

• Path-based review instructions: reviews.path_instructions — an array of objects with:
  • path (string; glob pattern, e.g. **/*.ts)
  • instructions (string; maxLength: 20000)
  • Default: [][1][3]

Example:

reviews:
  path_instructions:
    - path: "**/*.py"
      instructions: "Prefer type hints; flag any public function without docstrings."

• Global tone guidance (not review-only): tone_instructions (string; maxLength: 250).[1]

---

🌐 Web query:

CodeRabbit path_instructions catch-all pattern **/* global instructions

💡 Result:

To apply global (catch‑all) path_instructions in CodeRabbit, use a minimatch glob that matches the whole repo, e.g. **/* (or **). CodeRabbit’s path_instructions.path uses minimatch glob patterns. [1]

Example:

reviews:
  path_instructions:
    - path: "**/*"
      instructions: |
        Global review rules for all files (then add more specific rules below).
    - path: "**/*.js"
      instructions: |
        JS-specific rules...

Notes:

• ** is minimatch “globstar” (matches across directories). [2]
• Minimatch patterns like **/* typically don’t match dotfiles/dirs unless you explicitly pattern them (eg **/.*) or the matcher enables the dot option. [2]

Sources: [1] [2]

---

🌐 Web query:

NatSpec Solidity EIP standard documentation format

💡 Result:

Solidity NatSpec (Natural Language Specification Format)

NatSpec is a comment/tag format used in Solidity source to generate user docs and developer docs. Use either /// per line or /** ... */ blocks above contracts/functions/events/etc. (docs.soliditylang.org)

Common tags (all optional): @title, @author, @notice (end-user), @dev (developer), @param <name>, @return <name>, @inheritdoc <BaseContract>, and tool-specific tags via @custom:<name>. (docs.soliditylang.org)

Example:

/// `@title` Simple Vault
/// `@notice` Stores ETH and lets users withdraw.
/// `@dev` For integrators: emits Withdraw on success.
contract Vault {
    /// `@notice` Withdraw `amount` wei to the caller.
    /// `@param` amount Amount of wei to withdraw.
    /// `@return` ok True if the withdrawal succeeded.
    function withdraw(uint256 amount) external returns (bool ok) { ... }
}

EIP “standard documentation format” (how EIPs are written)

EIPs themselves follow EIP-1’s Markdown template: a YAML-like header “preamble” (--- … ---) with fields like eip, title, description, author, status, type, etc., followed by sections such as Abstract, Motivation (optional), and Specification. (eips.ethereum.org)

Citations:

• 1: https://docs.soliditylang.org/en/latest/natspec-format.html?utm_source=openai
• 2: https://docs.soliditylang.org/en/latest/natspec-format.html?utm_source=openai
• 3: https://eips.ethereum.org/EIPS/eip-1?utm_source=openai

---

🏁 Script executed:

cat -n .coderabbit.yaml | sed -n '150,170p'

Repository: StabilityNexus/MiniChain

Length of output: 1211

---

🏁 Script executed:

sed -n '220,250p' .coderabbit.yaml

Repository: StabilityNexus/MiniChain

Length of output: 2076

---

reviews.instructions is not a valid schema key — these global instructions will be silently ignored

The reviews object in the CodeRabbit schema v2 has additionalProperties: false, and there is no top-level instructions property defined under reviews. Path-based instructions are configured in the .coderabbit.yaml file under the reviews.path_instructions section; each instruction consists of a path glob and an instructions string. A freestanding reviews.instructions key is unrecognised and will be dropped without error.

To apply instructions globally, add a catch-all entry inside reviews.path_instructions:

🛠️ Proposed fix — move global instructions into path_instructions

-  # Review instructions that apply to all files
-  instructions: >-
-    - Verify that documentation and comments are free of spelling mistakes
-    - Ensure that test code is automated, comprehensive, and follows testing best practices
-    - Verify that all critical functionality is covered by tests
-    - Confirm that the code meets the project's requirements and objectives
-    - Confirm that copyright years are up-to date whenever a file is changed
-    - Point out redundant obvious comments that do not add clarity to the code
-    - Ensure that comments are concise and suggest more concise comment statements if possible
-    - Discourage usage of verbose comment styles such as NatSpec
-    - Look for code duplication
-    - Suggest code completions when:
-        - seeing a TODO comment
-        - seeing a FIXME comment

   # Custom review instructions for specific file patterns
   path_instructions:
+    # Global instructions applied to all files
+    - path: "**/*"
+      instructions: |
+        - Verify that documentation and comments are free of spelling mistakes
+        - Ensure that test code is automated, comprehensive, and follows testing best practices
+        - Verify that all critical functionality is covered by tests
+        - Confirm that the code meets the project's requirements and objectives
+        - Confirm that copyright years are up-to-date whenever a file is changed
+        - Point out redundant obvious comments that do not add clarity to the code
+        - Ensure that comments are concise and suggest more concise comment statements if possible
+        - Look for code duplication
+        - Suggest code completions when seeing a TODO or FIXME comment
     # TypeScript/JavaScript files

Also note that line 161 discourages "verbose comment styles such as NatSpec" globally. NatSpec is the standard documentation format for Solidity contracts and should not be discouraged for .sol files. The Solidity-specific path_instructions entry already provides targeted guidance; scope the NatSpec discouragement to non-Solidity paths or remove it from the global instruction entirely.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml around lines 153 - 165, The YAML has an invalid top-level
key reviews.instructions which will be ignored; move that freestanding
instructions string into a catch-all entry under reviews.path_instructions
(e.g., add a path: "**" entry with the instructions text) so the directives are
applied globally, and remove or scope the line that discourages "NatSpec" to
non-Solidity paths (or delete that discouragement) so NatSpec remains allowed
for .sol files; reference the reviews.instructions key,
reviews.path_instructions section, and the NatSpec/.sol guidance when making the
change.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

"Ensure that use client is being used" is too broad for all TS/JS files

This instruction applies to **/*.{ts,tsx,js,jsx}, which includes Next.js server components, API routes (app/api/…), utility libraries, Node.js scripts, and test files — none of which should carry use client. Blanket enforcement will generate false-positive warnings on every non-client file.

💡 Suggested tightening

-    - Ensure that "use client" is being used
-    - Ensure that only features that allow pure client-side rendering are used
+    - For React component files intended as client components, verify "use client" is declared where needed.
+    - Server components, API routes, and utility modules should NOT use "use client".
+    - Ensure client-side APIs (window, document, localStorage) are not used in server components.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml around lines 170 - 173, The "Ensure that 'use client' is
being used" rule is too broad when applied to path "**/*.{ts,tsx,js,jsx}";
narrow the target so it only checks actual Next.js client components (for
example change the path to something like "app/**/*.{tsx,jsx}" or
"components/**/*.{tsx,jsx}") and exclude server-only files (api routes, utils,
scripts, tests) by adding explicit exclude globs or separate rules for
server-side patterns; update the rule block in .coderabbit.yaml (the
instructions entry that currently targets "**/*.{ts,tsx,js,jsx}") to limit
scanning to client component locations or add an allowlist/exclude to avoid
false positives.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Redundant single-element brace expansion in Python glob

"**/*.{py}" is equivalent to "**/*.py"; the curly braces serve no purpose with a single extension.

✂️ Proposed fix

-    - path: "**/*.{py}"
+    - path: "**/*.py"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- path: "**/*.{py}"
	instructions: |
	Python:
	- Check for major PEP 8 violations and Python best practices.
	- path: "**/*.py"
	instructions: |
	Python:
	- Check for major PEP 8 violations and Python best practices.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml around lines 217 - 220, The glob pattern "**/*.{py}" uses
redundant single-element brace expansion; update the pattern string used in the
YAML (the value currently set to "**/*.{py}") to a simpler equivalent "**/*.py"
wherever it appears so the Python file matching is clearer and consistent (look
for the pattern value in the YAML mapping under the Python instructions).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find all Solidity files with test-like names
echo "=== Solidity files with test-like patterns ==="
fd -e sol . | grep -iE '(test|spec|\.t)' | head -50

echo ""
echo "=== Check for test configuration files ==="
fd -type f \( -name "hardhat.config.*" -o -name "foundry.toml" -o -name ".solhint.json" \)

echo ""
echo "=== Total .sol files in repo ==="
fd -e sol . | wc -l

Repository: StabilityNexus/MiniChain

Length of output: 382

---

🏁 Script executed:

#!/bin/bash
# List the repository structure
echo "=== Repository structure (top level) ==="
ls -la

echo ""
echo "=== Check .coderabbit.yaml exists ==="
[ -f .coderabbit.yaml ] && echo "Found .coderabbit.yaml" || echo "Not found"

echo ""
echo "=== Search for any test files ==="
fd -type f | grep -iE '\.(test|spec)\.(sol|ts|tsx|js|jsx)$' | head -30

echo ""
echo "=== List all file types in repo ==="
fd -type f | sed 's/.*\.//' | sort | uniq -c | sort -rn | head -20

Repository: StabilityNexus/MiniChain

Length of output: 1204

---

🏁 Script executed:

#!/bin/bash
# Read the .coderabbit.yaml around the lines mentioned (259-271)
echo "=== .coderabbit.yaml lines 250-280 ==="
sed -n '250,280p' .coderabbit.yaml

echo ""
echo "=== Full file size and structure ==="
wc -l .coderabbit.yaml

Repository: StabilityNexus/MiniChain

Length of output: 1600

---

Correct the Solidity test file glob pattern to match actual test file naming conventions

The pattern **/*.test.{sol} will not match real Solidity test files. Foundry, the dominant Solidity testing framework, uses the .t.sol suffix (e.g., Counter.t.sol), while Hardhat tests are written in JavaScript/TypeScript and are already covered by the **/*.test.{ts,tsx,js,jsx} entry.

Suggested correction for Foundry-style test files

-    - path: "**/*.test.{sol}"
+    - path: "**/*.t.sol"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Solidity test files
	- path: "**/*.test.{sol}"
	instructions: |
	Review test files for:
	- Comprehensive coverage of contract behavior.
	- Coverage of success paths, edge cases, and failure/revert scenarios.
	- Proper validation of access control restrictions.
	- Verification of event emissions where applicable.
	- Explicit validation of state changes after each relevant function call.
	- Adequate test updates whenever contract logic is modified.
	- Deterministic behavior (tests should not rely on implicit execution order or shared mutable state).
	- Clear and descriptive test names that reflect the intended behavior being validated.
	# Solidity test files
	- path: "**/*.t.sol"
	instructions: |
	Review test files for:
	- Comprehensive coverage of contract behavior.
	- Coverage of success paths, edge cases, and failure/revert scenarios.
	- Proper validation of access control restrictions.
	- Verification of event emissions where applicable.
	- Explicit validation of state changes after each relevant function call.
	- Adequate test updates whenever contract logic is modified.
	- Deterministic behavior (tests should not rely on implicit execution order or shared mutable state).
	- Clear and descriptive test names that reflect the intended behavior being validated.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml around lines 259 - 271, The glob pattern "**/*.test.{sol}"
does not match Foundry-style Solidity tests; replace that entry so it matches
files like "Counter.t.sol" (e.g., change the pattern to "**/*.t.sol" or add a
pattern for "**/*.t.sol" instead of "**/*.test.{sol}") so Foundry test files are
picked up; update the pattern string in the .coderabbit.yaml section that
currently contains "**/*.test.{sol}".