.coderabbit.yaml

# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
# https://docs.coderabbit.ai/getting-started/configure-coderabbit

# CodeRabbit Configuration
# Optimized for .NET 10 / ASP.NET Core Web API project

language: en-US
early_access: true

reviews:
  profile: chill
  request_changes_workflow: false
  high_level_summary: true
  high_level_summary_placeholder: "@coderabbitai summary"
  review_status: true
  commit_status: true
  fail_commit_status: false
  collapse_walkthrough: false
  changed_files_summary: true
  sequence_diagrams: true
  estimate_code_review_effort: true
  assess_linked_issues: true
  related_issues: true
  related_prs: true
  suggested_labels: true
  auto_apply_labels: false
  suggested_reviewers: false
  poem: false
  abort_on_close: true

  path_instructions:
    - path: "**/*.cs"
      instructions: |
        - Follow C# naming conventions: PascalCase for classes/methods/properties, camelCase for local variables
        - Ensure nullable reference types are handled properly
        - Verify async/await patterns are used consistently
        - Check for proper dependency injection usage
        - Validate that var is used appropriately for obvious types
        - Ensure ILogger<T> is used for logging, not Console.WriteLine
        - Code should follow CSharpier formatting standards

    - path: "src/**/Controllers/**/*.cs"
      instructions: |
        - Controllers should be thin - delegate to services
        - Verify proper HTTP status codes (200, 201, 400, 404, 409, 500)
        - Check that [ApiController] and route attributes are present
        - Ensure validation happens before processing
        - Confirm async controller actions return appropriate Result types

    - path: "src/**/Services/**/*.cs"
      instructions: |
        - Services should contain business logic and orchestration
        - Verify proper use of IMemoryCache for read operations
        - Check that AutoMapper is used for object transformations
        - Ensure structured logging with ILogger<T>
        - Validate cache invalidation on data modifications

    - path: "src/**/Repositories/**/*.cs"
      instructions: |
        - Repositories should abstract data access
        - Verify AsNoTracking() is used for read-only queries
        - Check that all database operations are async
        - Ensure proper null handling for not-found scenarios
        - Validate LINQ queries for performance

    - path: "src/**/Models/**/*.cs"
      instructions: |
        - Models should be clean POCOs
        - Check for proper use of nullable reference types
        - Verify navigation properties are virtual (if using lazy loading)
        - Ensure DTOs are separate from domain entities

    - path: "src/**/Validators/**/*.cs"
      instructions: |
        - Validators should use FluentValidation
        - Check validation rules are for data structure, not business logic
        - Ensure error messages are descriptive
        - Verify validators are registered in DI container

    - path: "src/**/Mappings/**/*.cs"
      instructions: |
        - Profiles should inherit from AutoMapper Profile
        - Verify CreateMap<Source, Destination>() calls cover all DTOs in use
        - Check reverse mappings are defined where bidirectional mapping is needed
        - Ensure profiles are registered via AddAutoMapper() in the DI setup
        - Flag any manual property mappings that could be replaced by convention

    - path: "src/**/Middlewares/**/*.cs"
      instructions: |
        - Middleware must implement InvokeAsync(HttpContext context) signature
        - Verify _next(context) is called unless the middleware intentionally short-circuits
        - Ensure exceptions are not swallowed — rethrow or translate to Problem Details
        - Middleware should be stateless; dependencies requiring request scope belong in services

    - path: "src/**/Extensions/**/*.cs"
      instructions: |
        - Extension methods should target IServiceCollection and return IServiceCollection
        - Each method should encapsulate a single registration concern
        - Verify service lifetimes (Singleton/Scoped/Transient) match the dependency's usage
        - Follow the Add{Feature} naming convention (e.g. AddPlayerServices, AddRateLimiting)

    - path: "test/**/*.cs"
      instructions: |
        - Tests should use xUnit, Moq, and FluentAssertions
        - Verify test naming follows the two-pattern convention (exactly 3 underscore-delimited segments):
          - Controller tests: {HttpMethod}_{Resource}_{Condition}_Returns{Outcome} (e.g. Get_Players_Existing_ReturnsPlayers)
          - Service/Validator tests: {MethodName}_{StateUnderTest}_{ExpectedBehavior} (e.g. RetrieveAsync_CacheMiss_QueriesRepositoryAndCachesResult)
        - Check that mocks are properly configured
        - Ensure async tests use Task return type
        - Validate test data uses PlayerFakes factory methods from test/Utilities/
        - Tests should use [Fact] and [Theory] attributes with [Trait("Category", "Unit")]

    - path: "**/Dockerfile"
      instructions: |
        - Verify multi-stage builds are used
        - Check that .NET 10 SDK and runtime versions match
        - Ensure non-root user is used for security
        - Validate HEALTHCHECK instruction is present

    - path: "**/appsettings*.json"
      instructions: |
        - Verify no sensitive data is committed
        - Check configuration structure matches usage in code
        - Ensure Development and Production configs are appropriate

    - path: "**/*.csproj"
      instructions: |
        - Verify .NET 10 (net10.0) target framework
        - Check that nullable reference types are enabled
        - Ensure package versions are up to date
        - Validate that ImplicitUsings is enabled

  path_filters:
    - "!**/bin/**"
    - "!**/obj/**"
    - "!**/logs/**"
    - "!**/storage/**"
    - "!**/*.db"
    - "!**/*.db-shm"
    - "!**/*.db-wal"
    - "!**/packages.lock.json"
    - "!**/Migrations/**"
    - "!**/*.Designer.cs"
    - "!**/ModelSnapshot.cs"

  auto_review:
    enabled: true
    auto_incremental_review: true
    ignore_title_keywords:
      - "WIP"
      - "DO NOT REVIEW"
      - "wip"
    drafts: false
    base_branches:
      - master
      - main

  finishing_touches:
    docstrings:
      enabled: true
    unit_tests:
      enabled: true
    custom:
      - name: "sync documentation"
        instructions: |
          This is a PoC/learning project targeting developers unfamiliar with the stack.
          Documentation is a first-class concern. Review the PR changes and perform the
          following three checks:

          ## 1. Method/function docstrings
          For every public function, method, or handler touched in the PR:
          - If it lacks a docstring/doc comment, add one using the idiomatic format
            for the language and framework in use.
          - If it has one but no longer matches the current signature, parameters,
            or behavior, update it.
          - Docstrings should explain *why* and *what*, not just restate the signature.
            Assume the reader is learning the language.

          ## 2. README.md
          Check whether the PR introduces or removes endpoints, changes behavior,
          adds dependencies, or modifies how to run the project.
          If so, update the relevant sections of README.md to reflect the current state.
          Do not rewrite sections unrelated to the changes.

          ## 3. .github/copilot-instructions.md
          If the PR introduces patterns, conventions, or architectural decisions that
          should guide future AI-assisted contributions, add or update the relevant
          instructions in .github/copilot-instructions.md.
          Focus on things a developer (or AI assistant) unfamiliar with this specific
          stack implementation should know before writing code here.

      - name: "enforce http error handling"
        instructions: |
          Audit all HTTP handler functions in the changed files.
          Ensure errors return appropriate HTTP status codes (400 for bad input,
          404 for not found, 500 for unexpected errors) and a consistent JSON error
          body with at least a "message" field.
          Flag handlers that return 200 on error or swallow errors silently.
          Use idiomatic error handling patterns for the language and framework in use.

      - name: "idiomatic review"
        instructions: |
          Review the changed files for non-idiomatic patterns given the language and
          framework in use. Flag code that looks like it was translated from another
          language rather than written naturally for this stack. Suggest idiomatic
          alternatives with brief explanations. This is a PoC comparison project,
          so idiomatic usage is a first-class concern.

      - name: "verify api contract"
        instructions: |
          Review the changed files and verify that all HTTP endpoints (method, path,
          request body shape, and response shape) match the project's intended REST API
          contract. Check the README or any spec/contract file in the repo for reference.
          Flag any deviations — missing fields, wrong status codes, inconsistent naming.
          Do not make changes; only report findings as a comment.

  pre_merge_checks:
    docstrings:
      mode: warning
      threshold: 80
    title:
      mode: warning
      requirements: |
        - Use Conventional Commits format (feat:, fix:, chore:, docs:, test:, refactor:)
        - Keep under 80 characters
        - Be descriptive and specific
    description:
      mode: off
    issue_assessment:
      mode: off

  tools:
    # Secret scanners
    gitleaks:
      enabled: true
    trufflehog:
      enabled: true

    # IaC / infrastructure
    checkov:
      enabled: true
    trivy:
      enabled: true
    hadolint:
      enabled: true

    # General static analysis
    semgrep:
      enabled: true
    opengrep:
      enabled: true

    # File-type linters
    yamllint:
      enabled: true
    actionlint:
      enabled: true
    markdownlint:
      enabled: true
    dotenvLint:
      enabled: true
    checkmake:
      enabled: true
    osvScanner:
      enabled: true
    github-checks:
      enabled: true
      timeout_ms: 120000

    # Disable irrelevant tools for this .NET project
    shellcheck:
      enabled: false
    ruff:
      enabled: false
    biome:
      enabled: false
    swiftlint:
      enabled: false
    phpstan:
      enabled: false
    phpmd:
      enabled: false
    phpcs:
      enabled: false
    golangci-lint:
      enabled: false
    detekt:
      enabled: false
    eslint:
      enabled: false
    flake8:
      enabled: false
    pylint:
      enabled: false
    rubocop:
      enabled: false
    buf:
      enabled: false
    regal:
      enabled: false
    pmd:
      enabled: false
    clang:
      enabled: false
    cppcheck:
      enabled: false
    clippy:
      enabled: false
    sqlfluff:
      enabled: false
    prismaLint:
      enabled: false
    oxc:
      enabled: false
    shopifyThemeCheck:
      enabled: false
    luacheck:
      enabled: false
    brakeman:
      enabled: false
    htmlhint:
      enabled: false
    languagetool:
      enabled: false
    circleci:
      enabled: false
    fortitudeLint:
      enabled: false
    stylelint:
      enabled: false
    blinter:
      enabled: false
    psscriptanalyzer:
      enabled: false

chat:
  art: true
  auto_reply: true

knowledge_base:
  opt_out: false
  web_search:
    enabled: true
  code_guidelines:
    enabled: true
    filePatterns:
      - ".github/copilot-instructions.md"
  learnings:
    scope: auto
  issues:
    scope: auto
  pull_requests:
    scope: auto
  mcp:
    usage: auto

code_generation:
  docstrings:
    language: en-US
    path_instructions:
      - path: "**/*.cs"
        instructions: |
          - Use XML documentation comments (///) for public APIs
          - Include <summary>, <param>, and <returns> tags
          - Keep documentation concise and meaningful
          - Don't state the obvious - add value
  unit_tests:
    path_instructions:
      - path: "test/**/*.cs"
        instructions: |
          - Use xUnit framework with [Fact] and [Theory] attributes
          - Follow the two-pattern naming convention (exactly 3 underscore-delimited segments):
            - Controller tests: {HttpMethod}_{Resource}_{Condition}_Returns{Outcome}
            - Service/Validator tests: {MethodName}_{StateUnderTest}_{ExpectedBehavior}
          - Use [Trait("Category", "Unit")] attribute for all unit tests
          - Use Moq for mocking dependencies
          - Use FluentAssertions for readable assertions
          - Ensure async tests return Task
          - Structure tests with Arrange, Act, Assert comments

issue_enrichment:
  auto_enrich:
    enabled: true
  planning:
    enabled: true
    auto_planning:
      enabled: true
      labels:
        - planning
  labeling:
    labeling_instructions: []
    auto_apply_labels: false