coderabbit-ci-integration SKILL.md View full skill →

Configure CodeRabbit as a CI gate with GitHub Actions, branch protection, and review enforcement.

ReadWriteEditBash(gh:*)Bash(git:*)

CodeRabbit CI Integration

Overview

Integrate CodeRabbit into your CI/CD pipeline as a merge gate. CodeRabbit posts a GitHub Check on each PR, and you can require this check to pass before merging. This skill covers branch protection rules, GitHub Actions workflows that react to CodeRabbit reviews, and strategies for enforcing review quality in CI.

Prerequisites

CodeRabbit GitHub App installed on your repository
GitHub repository with branch protection enabled
.coderabbit.yaml committed to repository root
GitHub Actions enabled on the repository

Instructions

Step 1: Enable CodeRabbit as a Required Status Check


1. Go to GitHub repo > Settings > Branches > Branch protection rules
2. Click "Add rule" (or edit existing rule for `main`)
3. Enable "Require status checks to pass before merging"
4. Search for "coderabbitai" in the status checks list
5. Select it as a required check
6. Save changes

Result: PRs cannot be merged until CodeRabbit completes its review.

Step 2: Configure Review Approval Behavior


# .coderabbit.yaml - Control when CodeRabbit blocks merge
reviews:
  request_changes_workflow: true   # CodeRabbit marks review as "Changes Requested" for issues
  # When true: PRs with issues show as "Changes Requested" (blocks merge if reviews required)
  # When false: CodeRabbit only posts "Comment" reviews (never blocks merge)

  profile: "assertive"             # Controls comment volume
  # chill: fewer comments, only critical issues
  # assertive: balanced, blocks on significant issues
  # nitpicky: detailed comments, blocks more frequently

  auto_review:
    enabled: true
    drafts: false                  # Don't run CI-blocking reviews on drafts
    base_branches:
      - main
      - develop
      - "release/*"
    ignore_title_keywords:
      - "WIP"
      - "DO NOT MERGE"

Step 3: Create a Review Gate Workflow


# .github/workflows/coderabbit-gate.yml
name: CodeRabbit Review Gate

on:
  pull_request_review:
    types: [submitted]

jobs:
  check-review:
    # Only run when CodeRabbit submits a review
    if: github.event.review.user.login == 'coderabbitai[bot]'
    runs-on: ubuntu-latest
    steps:
      - name: Evaluate CodeRabbit review
        uses: actions/github-script@v7
        with:
          script: |
            const reviews = await github.rest.pulls.listReviews({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
            });

            const crReview = reviews.data
              .filter(r => r.user.login === 'coderabbitai[bot]')
              .pop();

            if (!crRevie


                
                  
                  
                  coderabbit-common-errors
                  SKILL.md
                  View full skill →
                
                
                  Diagnose and fix CodeRabbit common errors and configuration issues.
                  
                      ReadGrepBash(gh:*)Bash(git:*)
                    
                
                
                  CodeRabbit Common Errors
Overview
Quick-reference troubleshooting guide for the most common CodeRabbit issues. CodeRabbit is a GitHub/GitLab App that reviews PRs automatically -- most problems are configuration issues, permission gaps, or YAML syntax errors rather than API failures.
Prerequisites

CodeRabbit GitHub App installed on repository
Access to GitHub repository settings
.coderabbit.yaml in repository root

Instructions
Step 1: Identify Your Issue Category

Symptom
Category
Jump To


No review posted on PR
Installation/Permissions
Error 1


Review on some PRs but not others
Configuration
Error 2-4


Too many comments / noise
Tuning
Error 5


Config changes not taking effect
YAML Issues
Error 6


Bot not responding to commands
Interaction
Error 7


Review takes too long
Performance
Error 8


Error 1: No Review Posted on PR
Symptoms: PR is open, targeting main, but no CodeRabbit review appears after 15+ minutes.
Diagnosis:

set -euo pipefail
# Check if CodeRabbit App is installed on this repo
gh api repos/OWNER/REPO/installation --jq '.app_slug' 2>/dev/null || echo "NOT INSTALLED"

# Check if the PR author has a CodeRabbit seat
# Go to app.coderabbit.ai > Organization > Seats

Causes & Solutions:

App not installed: Visit https://github.com/apps/coderabbitai and install on the repo
Repo not selected: In GitHub > Installed Apps > CodeRabbit, add the specific repository
No seat assigned: The PR author needs a CodeRabbit seat (app.coderabbit.ai > Subscription)
Private repo without org plan: Free tier only works on public repos

Error 2: Reviews Only on Some Branches
Symptoms: Reviews appear on PRs to main but not develop or feature branches.
Cause: base_branches filter in configuration only includes specific branches.
Fix:

# .coderabbit.yaml
reviews:
  auto_review:
    enabled: true
    base_branches:
      - main
      - develop
      - "release/*"     # Glob patterns work
      - "hotfix/*"
      # Remove base_branches entirely to review PRs to ALL branches

Error 3: Reviews Skip Certain PRs
Symptoms: Some PRs get reviewed, others are silently skipped.
Diagnosis checklist:


                
                  
                  
                  coderabbit-core-workflow-a
                  SKILL.md
                  View full skill →
                
                
                  Execute CodeRabbit primary workflow: automated PR code review with configuration.
                  
                      ReadWriteEditBash(gh:*)Bash(git:*)Grep
                    
                
                
                  CodeRabbit Core Workflow A: Automated PR Review
Overview
The primary CodeRabbit workflow: a developer opens a PR, CodeRabbit automatically analyzes the diff, posts a walkthrough summary and line-level comments, and the developer addresses feedback. This skill covers configuration, review profiles, path instructions, and the full review lifecycle.
Prerequisites

CodeRabbit GitHub App installed (see coderabbit-install-auth)
.coderabbit.yaml in repository root
At least one PR-capable branch

Instructions
Step 1: Configure the Review Pipeline

# .coderabbit.yaml - Production-ready configuration
language: "en-US"
early_access: false

reviews:
  profile: "assertive"              # chill = less feedback, assertive = more thorough
  request_changes_workflow: true    # CodeRabbit marks review as "changes requested" for issues
  high_level_summary: true          # Post a walkthrough comment summarizing all changes
  high_level_summary_in_walkthrough: true
  review_status: true               # Show review progress status
  collapse_walkthrough: false       # Keep walkthrough expanded
  sequence_diagrams: true           # Generate control flow diagrams
  poem: false                       # Disable poems in review summary

  auto_review:
    enabled: true
    drafts: false                   # Skip draft PRs
    base_branches:
      - main
      - develop
    ignore_title_keywords:
      - "WIP"
      - "DO NOT MERGE"
      - "chore: bump"

  path_filters:
    - "!**/*.lock"
    - "!**/*.snap"
    - "!**/generated/**"
    - "!dist/**"
    - "!**/*.min.js"
    - "!vendor/**"

  path_instructions:
    - path: "src/api/**"
      instructions: |
        Review for: input validation, proper HTTP status codes, auth middleware usage,
        error response format per RFC 7807. Flag missing error handling.
    - path: "src/db/**"
      instructions: |
        Review for: parameterized queries (no string concatenation), transaction boundaries,
        proper connection cleanup, index usage. Flag N+1 query patterns.
    - path: "**/*.test.*"
      instructions: |
        Review for: assertion completeness, edge case coverage, proper async handling.
        Do NOT comment on test naming conventions or import order.
    - path: ".github/workflows/**"
      instructions: |
        Review for: pinned action versions (use SHA not tag), no secrets in logs,
        timeout-minutes on all jobs, OIDC for cloud auth.

chat:
  auto_reply: true

# Finishing touches configuration
reviews:
  finishing_touches:
    docstrings:
      enabled: true       # Allow @coderabbitai generate-docstrings command

Step 2: Understand the Review Lifecycle

Developer ope


                
                  
                  
                  coderabbit-core-workflow-b
                  SKILL.md
                  View full skill →
                
                
                  Tune CodeRabbit review configuration: learnings, code guidelines, and noise reduction.
                  
                      ReadWriteEditBash(gh:*)Grep
                    
                
                
                  CodeRabbit Core Workflow B: Learnings & Tuning
Overview
After initial CodeRabbit setup (Workflow A), this skill covers tuning review quality through learnings, code guidelines, tone customization, and noise reduction. CodeRabbit improves over time by learning from your team's feedback patterns and custom rules.
Prerequisites

CodeRabbit installed and producing reviews (see coderabbit-core-workflow-a)
Several PRs worth of review history
Understanding of team coding standards

Instructions
Step 1: Configure Code Guidelines
CodeRabbit automatically detects coding rules from standard config files in your repo. It also reads AI agent configuration files for additional context.

# Files CodeRabbit auto-detects for coding rules:
# - .eslintrc.* / eslint.config.*     (JavaScript/TypeScript rules)
# - .prettierrc / prettier.config.*   (Formatting rules)
# - biome.json / biome.jsonc          (Biome linter rules)
# - .cursorrules                      (Cursor AI rules)
# - CLAUDE.md                         (Claude Code instructions)
# - .editorconfig                     (Editor settings)
# - .rubocop.yml                      (Ruby style)
# - ruff.toml / pyproject.toml        (Python rules)

# Add custom guidelines file:
# Create docs/CODING_STANDARDS.md with your team's rules
# Then reference it in .coderabbit.yaml:


# .coderabbit.yaml - Custom code guidelines
reviews:
  knowledge_base:
    code_guidelines:
      auto_detection: true          # Auto-detect from config files
      custom_patterns:
        - "docs/CODING_STANDARDS.md"
        - "docs/SECURITY_POLICY.md"
        - "team/code-style.txt"

Step 2: Train with Learnings via PR Feedback
Learnings are enabled by default. CodeRabbit learns from your team's review interactions:

# When CodeRabbit gives feedback you disagree with, reply:
"We intentionally use default exports in this project for Next.js pages.
Please don't flag default exports in files under src/pages/."

# CodeRabbit remembers this preference for future reviews.

# When you want to reinforce a pattern, reply positively:
"Good catch! We always want to flag missing error boundaries in React components."

# View current learnings in the CodeRabbit dashboard:
# app.coderabbit.ai > Organization > Learnings

Step 3: Customize Review Tone

# .coderabbit.yaml - Tone configuration
tone_instructions: |
  Be concise and direct. Skip pleasantries.
  Use bullet points for multiple suggestions.
  Include code examples for non-obvious fixes.
  Rate severity as: Critical > Warning > Suggestion > Nitpick.

# Review profiles control comment volume:
reviews:
  profile: "chill"       # Fewer


                
                  
                  
                  coderabbit-cost-tuning
                  SKILL.md
                  View full skill →
                
                
                  Optimize CodeRabbit costs through seat management, repo selection, and review scope tuning.
                  
                      ReadGrepBash(gh:*)
                    
                
                
                  CodeRabbit Cost Tuning
Overview
Optimize CodeRabbit per-seat licensing costs by right-sizing seat allocation, focusing reviews on high-value repositories, and configuring review scope to minimize unnecessary AI processing. CodeRabbit charges per seat based on active committers who open PRs.
Prerequisites

CodeRabbit Pro or Enterprise plan
GitHub/GitLab org admin access
Access to CodeRabbit dashboard at app.coderabbit.ai

Pricing Model

Plan
Price
Includes


Free
$0
Public repos, limited reviews


Pro
~$15/seat/month
Unlimited reviews, all features


Enterprise
Custom
SSO, dedicated support, SLA


Seat = any developer who opens a PR in a CodeRabbit-enabled repo.
Instructions
Step 1: Audit Seat Utilization
Navigate to CodeRabbit Dashboard > Organization > Seats:

# Example seat audit
seat_audit:
  active_committers_30d: 15    # These cost money
  bot_accounts: 3              # Dependabot, Renovate, CI bots (should NOT consume seats)
  inactive_30d: 7              # Haven't opened a PR in 30 days
  total_seats_billed: 25

  # Savings: Remove bots (3) + inactive (7) = 10 fewer seats
  # At ~$15/seat/month = $150/month savings

Step 2: Set Seat Policy to Active Committers Only
In CodeRabbit Dashboard > Organization > Billing:

Switch seat policy from "All org members" to "Active committers"
Define active as "opened a PR in the last 30 days"
Exclude bot accounts explicitly: dependabot[bot], renovate[bot], github-actions[bot]

Step 3: Focus Reviews on High-Value Repos
Only enable CodeRabbit on repos where AI review adds value:

# Enable CodeRabbit (high value):
- backend-api         → Business logic, security-critical
- payment-service     → PCI compliance, financial data
- infrastructure      → Terraform/IaC, blast radius high
- mobile-app          → Customer-facing, release quality

# Disable CodeRabbit (low value):
- documentation       → Markdown only, low risk
- design-assets       → Binary files, not reviewable
- sandbox             → Experimental, throwaway code
- archived-*          → Read-only repos
- internal-tools      → Low-traffic, single-developer repos

# To disable: GitHub > Installed Apps > CodeRabbit > Repository access
# Switch to "Only select repositories" and remove low-value repos

Step 4: Exclude Low-Value Files from Reviews

# .coderabbit.yaml - Skip files that don't benefit from AI review
reviews:
  path_filters:
    - "!**/*.lock"              # Lock file

coderabbit-data-handling SKILL.md View full skill → Implement CodeRabbit PII handling, data retention, and GDPR/CCPA compliance patterns. ReadWriteEdit CodeRabbit Data Handling Overview Manage code review data and sensitive patterns with CodeRabbit. Covers secret detection in PRs, sensitive file exclusion from AI review, review comment data retention, and configuring what code context gets sent to the AI engine. Prerequisites CodeRabbit installed on repository Understanding of sensitive file patterns Repository admin access for configuration Secret scanning tools awareness Instructions Step 1: Exclude Sensitive Files from Review # .coderabbit.yaml - Data handling configuration reviews: path_filters: # Never send these to AI review - "!**/.env*" - "!**/credentials*" - "!**/secrets*" - "!**/*.pem" - "!**/*.key" - "!**/*.p12" - "!**/serviceAccountKey*" - "!**/terraform.tfstate*" - "!**/*.tfvars" # Exclude large generated files - "!**/package-lock.json" - "!**/pnpm-lock.yaml" - "!**/yarn.lock" - "!**/*.generated.*" - "!**/dist/**" - "!**/coverage/**" Step 2: Secret Detection Instructions # .coderabbit.yaml - Instruct AI to flag secrets reviews: path_instructions: - path: "**" instructions: | CRITICAL: Flag any of these patterns as HIGH SEVERITY: - Hardcoded API keys, tokens, or passwords - AWS access keys (AKIA...) - Private keys or certificates - Database connection strings with credentials - JWT secrets or signing keys - Webhook URLs with tokens in query params If you find any secrets, add a comment: "SECURITY: Hardcoded secret detected. Move to environment variable." - path: "**/*.{yml,yaml}" instructions: | Check CI/CD files for: - Secrets logged in step names or echo statements - Unpinned GitHub Actions (use SHA, not tags) - Missing secret masking in outputs Step 3: Review Data Scope Management # Control what context CodeRabbit accesses reviews: auto_review: enabled: true drafts: false # Don't review draft PRs (may contain WIP secrets) base_branches: - "main" - "develop" ignore_title_keywords: - "WIP" - "DO NOT REVIEW" - "DRAFT" # Limit file types reviewed path_filters: # Only review source code, not data - "+src/**" - "+lib/**" - "+app/**" - "+tests/**" - "+.github/**" - "!**/*.csv" - "!**/*.json" # Exclude data files - "!**/fixtures/**" # Exclude test fixtures with s

coderabbit-debug-bundle SKILL.md View full skill → Collect CodeRabbit debug evidence for support tickets and troubleshooting. ReadBash(gh:*)Bash(git:*)Bash(python3:*)Grep CodeRabbit Debug Bundle Overview Collect all diagnostic information needed to troubleshoot CodeRabbit issues or file a support request. Since CodeRabbit is a GitHub/GitLab App (not an SDK), debugging focuses on: App installation status, .coderabbit.yaml configuration validity, PR review history, and GitHub webhook delivery logs. Prerequisites GitHub CLI (gh) authenticated Repository admin access (for webhook logs) Access to the GitHub repository where CodeRabbit is installed Instructions Step 1: Check CodeRabbit Installation Status set -euo pipefail OWNER="${1:-your-org}" REPO="${2:-your-repo}" echo "=== CodeRabbit Debug Bundle ===" echo "Repository: $OWNER/$REPO" echo "Generated: $(date -u +%Y-%m-%dT%H:%M:%SZ)" echo "" # Check if CodeRabbit App is installed echo "--- Installation Status ---" INSTALL=$(gh api "repos/$OWNER/$REPO/installation" --jq '.app_slug' 2>/dev/null) if [ "$INSTALL" = "coderabbitai" ]; then echo "CodeRabbit App: INSTALLED" else echo "CodeRabbit App: NOT INSTALLED" echo "Fix: Visit https://github.com/apps/coderabbitai to install" fi Step 2: Validate Configuration set -euo pipefail echo "" echo "--- Configuration Validation ---" # Check if .coderabbit.yaml exists if [ -f .coderabbit.yaml ]; then echo ".coderabbit.yaml: FOUND ($(wc -l < .coderabbit.yaml) lines)" # Validate YAML syntax python3 -c " import yaml, sys try: config = yaml.safe_load(open('.coderabbit.yaml')) print('YAML syntax: VALID') # Check key configuration fields reviews = config.get('reviews', {}) auto_review = reviews.get('auto_review', {}) print(f'auto_review.enabled: {auto_review.get(\"enabled\", \"not set\")}') print(f'auto_review.drafts: {auto_review.get(\"drafts\", \"not set\")}') print(f'profile: {reviews.get(\"profile\", \"not set\")}') base_branches = auto_review.get('base_branches', []) if base_branches: print(f'base_branches: {base_branches}') else: print('base_branches: not set (reviews all branches)') path_filters = reviews.get('path_filters', []) print(f'path_filters: {len(path_filters)} rules') path_instructions = reviews.get('path_instructions', []) print(f'path_instructions: {len(path_instructions)} rules') chat = config.get('chat', {}) print(f'chat.auto_reply: {chat.get(\"auto_reply\", \"not set\")}') except yaml.YAMLError as e: print(f'YAML syntax: INVALID

coderabbit-deploy-integration SKILL.md View full skill → Roll out CodeRabbit across an organization: multi-repo deployment, org-level config, and team onboarding. ReadWriteEditBash(gh:*)Bash(git:*) CodeRabbit Deploy Integration Overview Roll out CodeRabbit AI code review across an organization. Covers multi-repo deployment strategy, organization-level configuration, team-specific customization, and developer onboarding. CodeRabbit is a GitHub/GitLab App -- deployment means configuring the App installation, customizing review behavior, and integrating review status into merge workflows. Prerequisites GitHub Organization admin access CodeRabbit GitHub App installed (https://github.com/apps/coderabbitai) CodeRabbit Pro or Enterprise plan for private repos List of target repositories Instructions Step 1: Plan the Rollout # Phase 1 (Week 1): Pilot - Pick 2-3 high-activity repos with receptive teams - Use "chill" profile to minimize disruption - Collect feedback from pilot teams # Phase 2 (Week 2-3): Expand - Roll out to remaining backend/frontend repos - Apply learnings from pilot (path instructions, exclusions) - Switch to "assertive" profile # Phase 3 (Week 4+): Enforce - Add CodeRabbit as required status check on protected branches - Set up org-level defaults - Monitor adoption metrics Step 2: Create Organization-Level Configuration # .github/.coderabbit.yaml (in the .github repository) # This is the org-level default applied to ALL repos in the org # Individual repos can override by adding their own .coderabbit.yaml language: "en-US" early_access: false reviews: profile: "assertive" request_changes_workflow: false # Start with comments-only (non-blocking) high_level_summary: true high_level_summary_in_walkthrough: true review_status: true collapse_walkthrough: false sequence_diagrams: true poem: false auto_review: enabled: true drafts: false ignore_title_keywords: - "WIP" - "DO NOT MERGE" - "chore: bump" - "chore(deps)" path_filters: - "!**/*.lock" - "!**/package-lock.json" - "!**/pnpm-lock.yaml" - "!**/*.snap" - "!**/*.generated.*" - "!dist/**" - "!vendor/**" chat: auto_reply: true Step 3: Create Team-Specific Repo Configs # .coderabbit.yaml for a backend API repo # Inherits org defaults, adds API-specific instructions reviews: profile: "assertive" auto_review: enabled: true base_branches: [main, develop] path_instructions: - path: "src/api/**" instructions: | Review for: input validation, proper HTTP status codes, auth middleware. Flag missing error handling and unvalidated request bodies. - path: "src/db/**" instructions: | Review for: parameterized queries, transaction boundarie

coderabbit-enterprise-rbac SKILL.md View full skill → Configure CodeRabbit enterprise access control, seat management, and organization policies. ReadWriteEditBash(gh:*) CodeRabbit Enterprise RBAC Overview Manage CodeRabbit AI code review access across an enterprise organization. CodeRabbit inherits repository permissions from your Git provider -- if a developer has write access to a repo and opens a PR, CodeRabbit reviews it. Enterprise controls focus on seat management, repository scoping, organization-level configuration, and review policy enforcement. Prerequisites CodeRabbit Pro or Enterprise plan GitHub Organization admin or GitLab Group owner role CodeRabbit GitHub App installed on the organization Access to CodeRabbit dashboard at app.coderabbit.ai Access Control Model GitHub/GitLab Org Permissions │ ▼ ┌─────────────────────────┐ │ CodeRabbit GitHub App │ │ Repository Access: │ │ ├── All repositories │ ← Reviews every PR in the org │ └── Select repos only │ ← Reviews only selected repos └─────────┬───────────────┘ │ ▼ ┌─────────────────────────┐ │ Seat Assignment │ │ ├── Active committers │ ← Auto-assigns seats to PR authors │ └── Manual assignment │ ← Admin picks who gets seats └─────────┬───────────────┘ │ ▼ ┌─────────────────────────┐ │ .coderabbit.yaml │ │ ├── Org-level defaults │ ← .github repo │ └── Repo-level overrides│ ← Per-repo customization └─────────────────────────┘ Instructions Step 1: Control Repository Access # In GitHub > Organization > Settings > Installed Apps > CodeRabbit: Option A: "All repositories" (org-wide) - Every repo gets AI reviews automatically - New repos are covered immediately - Higher seat count (every PR author = seat) Option B: "Only select repositories" (targeted) - Choose which repos get AI reviews - Lower seat count - New repos must be manually added # Recommended: Start with Option B (select repos) # Add repos in tiers based on risk/value Step 2: Configure Seat Management # In CodeRabbit Dashboard > Organization > Subscription: 1. Seat Policy Options: - "Active committers" → Auto-assign to anyone who opens a PR - "Manual assignment" → Admin explicitly assigns seats 2. Exclude Bot Accounts: - dependabot[bot] - renovate[bot] - github-actions[bot] - Any CI service accounts 3. Monitor Seat Usage: - Active seats: developers who opened PRs in last 30 days - Idle seats: no PR activity in 30+ days → candidates for removal # Billing: ~$15/seat/month (Pro), custom (Enterprise) # Only PR authors consume seats, not reviewers or commenters Step 3: Set Organization-Level Defaults # .github/.coderabbit.yaml (in the .github repo) # Applied to ALL repos unless overridden by repo-level config language: "en-US" reviews: profi

coderabbit-hello-world SKILL.md View full skill → Create a minimal working CodeRabbit configuration and trigger your first AI review. ReadWriteEditBash(gh:*)Bash(git:*) CodeRabbit Hello World Overview Minimal working example demonstrating CodeRabbit AI code review. CodeRabbit reviews PRs automatically via a GitHub/GitLab App -- no SDK or API calls needed. You configure behavior through a .coderabbit.yaml file and interact via PR comments. Prerequisites CodeRabbit GitHub App installed (see coderabbit-install-auth) A repository with at least one branch Instructions Step 1: Create Minimal Configuration # .coderabbit.yaml (repository root) language: "en-US" reviews: profile: "assertive" high_level_summary: true auto_review: enabled: true drafts: false chat: auto_reply: true Step 2: Add Path-Specific Instructions # .coderabbit.yaml - add review context for better feedback reviews: profile: "assertive" high_level_summary: true auto_review: enabled: true drafts: false path_instructions: - path: "src/**/*.ts" instructions: "Check for proper TypeScript types. Flag any use of `any`." - path: "**/*.test.*" instructions: "Verify edge cases are covered. Check async handling." chat: auto_reply: true Step 3: Create a PR to Trigger Review set -euo pipefail git checkout -b feat/hello-coderabbit # Add the configuration file cat > .coderabbit.yaml << 'YAML' language: "en-US" reviews: profile: "assertive" high_level_summary: true auto_review: enabled: true drafts: false path_instructions: - path: "src/**" instructions: "Check for proper error handling and input validation." chat: auto_reply: true YAML git add .coderabbit.yaml git commit -m "feat: add CodeRabbit AI code review configuration" git push -u origin feat/hello-coderabbit gh pr create --title "feat: enable CodeRabbit AI code review" \ --body "Adding .coderabbit.yaml for automated code reviews" Step 4: Interact with CodeRabbit on the PR Once CodeRabbit posts its review (typically 2-5 minutes), you can interact: # In a PR comment, use these commands: @coderabbitai summary # Get a walkthrough of all changes @coderabbitai full review # Re-run a complete review from scratch @coderabbitai resolve # Mark all CodeRabbit comments as resolved @coderabbitai help # List all available commands # Reply to any CodeRabbit comment to have a conversation about the feedback # CodeRabbit will respond with context-aware explanations Step 5: Try the CLI for Local Reviews (Optional) set -euo pipefail # Review staged changes before committing git add -A cr review # Review with inte

coderabbit-incident-runbook SKILL.md View full skill → Execute CodeRabbit incident response procedures when reviews stop working or block PRs. ReadGrepBash(gh:*)Bash(curl:*)Bash(git:*) CodeRabbit Incident Runbook Overview Rapid incident response procedures when CodeRabbit stops reviewing PRs, blocks merges, or behaves incorrectly. Since CodeRabbit is a managed SaaS service, incidents fall into two categories: (1) CodeRabbit service outage (check their status page), or (2) local configuration/permission issues (fix on your side). Severity Levels Level Symptom Response Time Action P1 PRs blocked, cannot merge Immediate Bypass check, notify team P2 Reviews not posting < 1 hour Diagnose installation P3 Reviews delayed (> 15 min) < 4 hours Check service status P4 Incorrect reviews Next business day Tune configuration Instructions Step 1: Quick Triage (2 Minutes) set -euo pipefail echo "=== CodeRabbit Quick Triage ===" # 1. Check CodeRabbit status page echo "--- Service Status ---" STATUS=$(curl -sf https://status.coderabbit.ai 2>/dev/null && echo "REACHABLE" || echo "UNREACHABLE") echo "Status page: $STATUS" echo "Check manually: https://status.coderabbit.ai" echo "" echo "--- Decision ---" echo "If status.coderabbit.ai shows an incident:" echo " → CodeRabbit-side issue. Wait for resolution. Use bypass if blocking." echo "" echo "If status page is green:" echo " → Local issue. Check installation, config, permissions." Step 2: P1 Emergency -- PRs Blocked set -euo pipefail OWNER="${1:-your-org}" REPO="${2:-your-repo}" echo "=== P1: EMERGENCY BYPASS ===" # Option A: Remove CodeRabbit from required checks (temporary) echo "--- Option A: Remove Required Check ---" echo "gh api repos/$OWNER/$REPO/branches/main/protection --method DELETE" echo "(This removes ALL branch protection. Re-apply after incident.)" echo "" echo "--- Option B: Admin Merge ---" echo "Org admins can merge even when checks fail." echo "Settings > Branches > Branch protection > uncheck 'Include administrators'" echo "" echo "--- Option C: Force Re-Review ---" echo "On the blocked PR, post:" echo " @coderabbitai full review" echo "" echo "Wait 5 minutes. If no response, use Option A or B." Step 3: P2 -- Reviews Not Posting set -euo pipefail OWNER="${1:-your-org}" REPO="${2:-your-repo}" echo "=== P2: Reviews Not Posting ===" # Check installation echo "--- I

coderabbit-install-auth SKILL.md View full skill → Install and configure CodeRabbit AI code review on GitHub or GitLab repositories. ReadWriteEditBash(gh:*)Bash(curl:*) CodeRabbit Install & Auth Overview CodeRabbit is an AI-powered code review platform. It installs as a GitHub App (or GitLab integration) and automatically reviews pull requests. There is no SDK to install -- you configure it via a .coderabbit.yaml file and interact through PR comments. Optionally, install the CLI for local pre-commit reviews. Prerequisites GitHub organization admin or GitLab group owner permissions A repository to enable CodeRabbit on (Optional) Shell access for CLI installation Instructions Step 1: Install the CodeRabbit GitHub App 1. Navigate to https://github.com/apps/coderabbitai 2. Click "Install" and select your organization 3. Choose repository access: - "All repositories" for org-wide coverage - "Only select repositories" for targeted setup 4. Authorize the requested permissions (read code, write PR comments) 5. You will be redirected to app.coderabbit.ai to complete onboarding Step 2: Verify Installation set -euo pipefail # Confirm the GitHub App is installed on your repo gh api repos/YOUR_ORG/YOUR_REPO/installation --jq '.app_slug' # Expected output: coderabbitai Step 3: Create Base Configuration # .coderabbit.yaml (place in repository root) language: "en-US" reviews: profile: "assertive" # Options: chill, assertive request_changes_workflow: false high_level_summary: true poem: false review_status: true collapse_walkthrough: false sequence_diagrams: true auto_review: enabled: true drafts: false base_branches: - main - develop chat: auto_reply: true Step 4: Install the CLI (Optional) set -euo pipefail # Install CodeRabbit CLI for local pre-commit reviews curl -fsSL https://cli.coderabbit.ai/install.sh | sh # Verify installation cr --version Step 5: Trigger Your First Review set -euo pipefail # Create a test branch and PR to verify CodeRabbit is active git checkout -b test/coderabbit-verification echo "// test change" >> src/index.ts git add src/index.ts && git commit -m "test: verify coderabbit integration" git push -u origin test/coderabbit-verification gh pr create --title "test: verify CodeRabbit" --body "Testing CodeRabbit integration" # CodeRabbit will post a review within 2-5 minutes # Check the PR for the walkthrough comment and line-level feedback GitLab Setup (Alternative) 1. Navigate to app.coderabbit.ai and sign in with GitLab 2. Select your GitLab group during onboarding 3. Provide a GitLab access token with api and read_repository scopes 4. CodeRab

coderabbit-local-dev-loop SKILL.md View full skill → Configure CodeRabbit CLI for local pre-commit code reviews and fast iteration. ReadWriteEditBash(cr:*)Bash(git:*)Bash(npm:*)Grep CodeRabbit Local Dev Loop Overview Use CodeRabbit CLI to review code locally before opening a PR. The CLI provides the same AI-powered review as the GitHub App but runs in your terminal against staged or unstaged changes. This creates a multi-layered review process: local CLI review before commit, then automated PR review after push. Prerequisites CodeRabbit CLI installed (curl -fsSL https://cli.coderabbit.ai/install.sh | sh) Git repository with .coderabbit.yaml configuration CodeRabbit account (CLI uses credits: $0.25 per file reviewed) Instructions Step 1: Install and Verify CLI set -euo pipefail # Install CodeRabbit CLI curl -fsSL https://cli.coderabbit.ai/install.sh | sh # Verify installation cr --version # Authenticate (opens browser for OAuth) cr auth login Step 2: Local Review Workflow set -euo pipefail # Review all staged changes (most common workflow) git add -A cr review # Review specific files only cr review src/api/routes.ts src/middleware/auth.ts # Interactive mode: ask follow-up questions about review feedback cr review --interactive # Plain output mode (pipe to other tools or AI agents) cr review --prompt-only Step 3: Git Hook Integration #!/bin/bash # .git/hooks/pre-push (make executable: chmod +x .git/hooks/pre-push) set -euo pipefail echo "Running CodeRabbit pre-push review..." # Get list of changed files vs remote CHANGED_FILES=$(git diff --name-only @{push}.. 2>/dev/null || git diff --name-only HEAD~1) if [ -n "$CHANGED_FILES" ]; then echo "$CHANGED_FILES" | xargs cr review # Non-blocking: show review but don't prevent push # To make blocking, check exit code: # echo "$CHANGED_FILES" | xargs cr review || { # echo "CodeRabbit found issues. Push anyway? (y/n)" # read -r response # [ "$response" != "y" ] && exit 1 # } fi Step 4: Configuration for Local Development # .coderabbit.yaml - Settings that affect both CLI and PR reviews language: "en-US" reviews: profile: "assertive" path_instructions: - path: "src/**" instructions: "Check for proper error handling and type safety." - path: "tests/**" instructions: "Verify edge cases and assertion completeness." path_filters: - "!**/*.lock" - "!dist/**" - "!**/*.generated.*" auto_review: enabled: true drafts: false chat: auto_reply: true Step 5: IDE Integration Pattern // .vscode/tasks.json - Run CodeRabbit review from VS Code { "version": "2.0.0", "tasks":

coderabbit-migration-deep-dive SKILL.md View full skill → Migrate to CodeRabbit from other code review tools or roll out across a large organization. ReadWriteEditBash(gh:*)Bash(git:*)Grep CodeRabbit Migration Deep Dive Overview Comprehensive guide for migrating to CodeRabbit from other AI code review tools (Codacy, SonarCloud, DeepSource, Sourcery) or from manual-only code review. Covers assessment, phased rollout, configuration transfer, team buy-in, and measuring success. Prerequisites GitHub/GitLab organization admin access Inventory of current review tools and their configurations Understanding of team review workflows Budget approval for CodeRabbit seats Migration Types From Complexity Duration Key Challenge Manual-only reviews Low 1-2 weeks Team adoption Codacy / SonarCloud Medium 2-3 weeks Rule translation DeepSource / Sourcery Medium 2-3 weeks Config migration Custom review bots High 3-4 weeks Workflow redesign Multiple tools High 4-6 weeks Consolidation Instructions Step 1: Assess Current State set -euo pipefail ORG="${1:-your-org}" echo "=== Code Review Tool Assessment ===" # Check for existing review tools echo "--- Installed GitHub Apps ---" gh api "orgs/$ORG/installations" --jq '.installations[] | "\(.app_slug) (ID: \(.id))"' 2>/dev/null echo "" echo "--- Review Tool Config Files ---" for REPO in $(gh repo list "$ORG" --limit 20 --json name --jq '.[].name'); do # Check for common review tool configs for CONFIG in ".codacy.yml" "sonar-project.properties" ".deepsource.toml" ".sourcery.yaml" ".coderabbit.yaml"; do EXISTS=$(gh api "repos/$ORG/$REPO/contents/$CONFIG" --jq '.name' 2>/dev/null || echo "") if [ -n "$EXISTS" ]; then echo " $REPO: $CONFIG" fi done done Step 2: Map Review Rules to CodeRabbit Path Instructions # Common rule translations: # Codacy / SonarCloud "code smells" → CodeRabbit path_instructions # Before (Codacy): # rules: # - id: "javascript/complexity" # - id: "javascript/error-handling" # # After (CodeRabbit): reviews: path_instructions: - path: "src/**/*.ts" instructions: | Check for: - Functions with cyclomatic complexity > 10 (suggest refactoring) - Missing error handling in async operations - Empty catch blocks - Unused variables and imports # DeepSource "analyzer" → CodeRabbit path_instructions # Before (DeepSource): # analyzers: # - name: javasc

coderabbit-multi-env-setup SKILL.md View full skill → Configure CodeRabbit review behavior per branch and environment using path instructions and base branches. ReadWriteEditBash(gh:*)Bash(git:*) CodeRabbit Multi-Environment Setup Overview Configure CodeRabbit review behavior based on branch targets and environments. CodeRabbit reads .coderabbit.yaml from the PR's base branch, allowing different review configurations per branch. This enables stricter reviews for production branches, relaxed reviews for development, and custom instructions per environment. Prerequisites CodeRabbit GitHub App installed on repository Branch strategy defined (e.g., GitFlow, trunk-based, GitHub Flow) .coderabbit.yaml committed to each relevant branch How Branch-Based Config Works Developer opens PR: feature/auth → develop CodeRabbit reads: .coderabbit.yaml from develop branch Profile: "chill" (development, quick iteration) Developer opens PR: develop → main CodeRabbit reads: .coderabbit.yaml from main branch Profile: "assertive" (production, thorough review) Developer opens PR: hotfix/fix → release/v2.1 CodeRabbit reads: .coderabbit.yaml from release/v2.1 branch Profile: "assertive" + security-focused instructions Instructions Step 1: Configure Development Branch (Relaxed) # .coderabbit.yaml on develop branch language: "en-US" reviews: profile: "chill" # Fewer comments for rapid iteration request_changes_workflow: false # Don't block merges to develop high_level_summary: true sequence_diagrams: false # Skip diagrams for dev PRs auto_review: enabled: true drafts: false base_branches: - develop ignore_title_keywords: - "WIP" - "DO NOT MERGE" - "experiment" path_filters: - "!**/*.lock" - "!**/*.snap" - "!dist/**" - "!**/*.generated.*" path_instructions: - path: "**" instructions: | Development branch review: - Only flag bugs, security issues, and obvious errors - Do NOT comment on code style, naming, or formatting - Do NOT suggest refactoring unless it fixes a bug chat: auto_reply: true Step 2: Configure Production Branch (Strict) # .coderabbit.yaml on main branch language: "en-US" reviews: profile: "assertive" # Thorough review for production request_changes_workflow: true # Block merge on issues high_level_summary: true high_level_summary_in_walkthrough: true sequence_diagrams: true review_status: true auto_review: enabled: true drafts: false base_branches: - main path_filters: - "!**/*.lock" - "!**/*.snap" - "!dist/**" - "!vendor/**" path_instructions: - path: "**" instructions:

coderabbit-observability SKILL.md View full skill → Monitor CodeRabbit review effectiveness with metrics, dashboards, and alerts. ReadWriteEditBash(gh:*)Bash(node:*) CodeRabbit Observability Overview Monitor CodeRabbit AI code review effectiveness, review latency, and team adoption. Key metrics include time-to-first-review (how fast CodeRabbit posts after PR creation), comment acceptance rate (comments resolved vs dismissed), review coverage (percentage of PRs reviewed), and per-repository review volume. Prerequisites CodeRabbit installed on GitHub/GitLab organization GitHub CLI (gh) authenticated with org access Access to CodeRabbit dashboard at app.coderabbit.ai Key Metrics Metric Target Why It Matters Review coverage > 90% PRs without review = blind spots Time-to-review < 5 min Fast feedback keeps developers in flow Comment acceptance > 40% Low acceptance = noisy reviews Comments per PR 3-8 Too many = fatigue, too few = not useful Review state: APPROVED > 60% High approval = clean code culture Instructions Step 1: Measure Review Coverage #!/bin/bash # coderabbit-coverage.sh - Review coverage for a repo set -euo pipefail ORG="${1:?Usage: $0 <org> <repo> [days]}" REPO="${2:?Usage: $0 <org> <repo> [days]}" DAYS="${3:-30}" echo "=== CodeRabbit Review Coverage ===" echo "Repository: $ORG/$REPO" echo "Period: Last $DAYS days" echo "" TOTAL=0 REVIEWED=0 APPROVED=0 CHANGES_REQUESTED=0 SINCE=$(date -d "$DAYS days ago" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -v-${DAYS}d +%Y-%m-%dT%H:%M:%SZ) for PR_NUM in $(gh api "repos/$ORG/$REPO/pulls?state=all&per_page=50&sort=created&direction=desc" \ --jq ".[] | select(.created_at > \"$SINCE\") | .number"); do TOTAL=$((TOTAL + 1)) CR_STATE=$(gh api "repos/$ORG/$REPO/pulls/$PR_NUM/reviews" \ --jq '[.[] | select(.user.login=="coderabbitai[bot]")] | last | .state // "none"' 2>/dev/null || echo "none") if [ "$CR_STATE" != "none" ] && [ "$CR_STATE" != "null" ]; then REVIEWED=$((REVIEWED + 1)) [ "$CR_STATE" = "APPROVED" ] && APPROVED=$((APPROVED + 1)) [ "$CR_STATE" = "CHANGES_REQUESTED" ] && CHANGES_REQUESTED=$((CHANGES_REQUESTED + 1)) fi done if [ "$TOTAL" -gt 0 ]; then echo "Total PRs: $TOTAL" echo "Reviewed by CodeRabbit: $REVIEWED ($(( REVIEWED * 100 / TOTAL ))%)" echo " Approved: $APPROVED" echo " Changes Requested: $CHANGES_REQUESTED" else echo "No PRs found in the last

coderabbit-performance-tuning SKILL.md View full skill → Optimize CodeRabbit review speed, relevance, and signal-to-noise ratio. ReadWriteEditBash(gh:*) CodeRabbit Performance Tuning Overview Optimize CodeRabbit review speed, relevance, and developer experience. Review time is primarily a function of PR size. Comment quality is controlled by profile selection, path instructions, and learnings. This skill covers all the levers for tuning CodeRabbit to your team's needs. Prerequisites CodeRabbit installed and producing reviews .coderabbit.yaml in repository root Several PRs worth of review history to evaluate Performance Factors Factor Impact You Control? PR size (lines changed) Review speed (2-15 min) Yes -- keep PRs small Profile (chill/assertive) Comment volume Yes -- .coderabbit.yaml Path instructions Comment relevance Yes -- .coderabbit.yaml Path filters Files reviewed Yes -- .coderabbit.yaml Learnings Long-term quality Yes -- via PR comment feedback CodeRabbit service load Review latency No -- check status page Instructions Step 1: Optimize PR Size for Faster Reviews # PR size directly impacts review speed and quality | PR Size | Review Time | Review Quality | |---------|------------|----------------| | < 200 lines | 2-3 min | Excellent -- focused, actionable | | 200-500 lines | 3-7 min | Good -- catches most issues | | 500-1000 lines | 7-12 min | Moderate -- may miss nuanced issues | | 1000+ lines | 12-15+ min | Low -- too much context | # Enforce PR size limits with CI: # .github/workflows/pr-size.yml name: PR Size Check on: [pull_request] jobs: check: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Check PR size run: | TOTAL=$(git diff --stat origin/${{ github.base_ref }}...HEAD | tail -1 | \ grep -oP '\d+ insertion|d+ deletion' | grep -oP '\d+' | \ awk '{sum+=$1} END {print sum+0}') echo "Lines changed: $TOTAL" if [ "$TOTAL" -gt 500 ]; then echo "::warning::Large PR ($TOTAL lines). Consider splitting for better CodeRabbit review quality." fi Step 2: Choose the Right Review Profile # .coderabbit.yaml - Profile comparison reviews: profile: "assertive" # Start here, tune based on team feedback # Profile decision guide: # # "chill": # - 1-3 comments per PR # - Only critical issues and bugs # - Best for: senior teams, high-trust environments # - Warning: may miss

coderabbit-prod-checklist SKILL.md View full skill → Execute CodeRabbit production readiness checklist for org-wide deployment. ReadBash(gh:*)Bash(git:*)Grep CodeRabbit Production Checklist Overview Complete checklist for deploying CodeRabbit as a production merge gate. Covers the transition from "optional AI review" to "required status check that blocks merges." Ensures configuration is tuned, team is onboarded, and fallback procedures are documented. Prerequisites CodeRabbit installed and running in non-blocking mode for 1-2 weeks Team has seen CodeRabbit reviews and provided feedback .coderabbit.yaml tuned based on pilot feedback GitHub organization admin access Instructions Step 1: Pre-Launch Configuration Audit # Run through each item before going live: ## App Installation - [ ] CodeRabbit GitHub App installed on all target repos - [ ] Repository access scoped correctly (all repos vs select) - [ ] Seat assignment policy set (active committers vs manual) - [ ] Bot accounts excluded from seats (dependabot, renovate) ## Configuration - [ ] `.coderabbit.yaml` committed to main branch - [ ] YAML syntax validated (no parse errors) - [ ] `auto_review.enabled: true` - [ ] `auto_review.drafts: false` (skip draft PRs) - [ ] `base_branches` includes all target branches (main, develop) - [ ] `path_filters` excludes generated/lock/vendor files - [ ] `path_instructions` configured for key directories - [ ] `chat.auto_reply: true` ## Review Behavior - [ ] Profile set to "assertive" (or team's preferred level) - [ ] `request_changes_workflow` decision documented: - `true`: CodeRabbit blocks merge when issues found - `false`: CodeRabbit only comments (non-blocking) - [ ] Org-level defaults in `.github/.coderabbit.yaml` if multi-repo Step 2: Validate Configuration set -euo pipefail echo "=== CodeRabbit Production Readiness Check ===" # 1. YAML syntax echo "--- Config Validation ---" if [ -f .coderabbit.yaml ]; then python3 -c " import yaml, sys try: config = yaml.safe_load(open('.coderabbit.yaml')) print('YAML syntax: PASS') reviews = config.get('reviews', {}) auto = reviews.get('auto_review', {}) checks = { 'auto_review.enabled': auto.get('enabled', False) == True, 'auto_review.drafts': auto.get('drafts', True) == False, 'path_filters configured': len(reviews.get('path_filters', [])) > 0, 'path_instructions configured': len(reviews.get('path_instructions', [])) > 0, 'chat.auto_reply': config.get('chat', {}).get('auto_reply', False) == True, } for name, passed in checks.items(): status = 'PASS' if passed else 'WARN' print(f' {name}: {status}') if all(checks.values()): print('Overall: READY FOR PRODUCTION') else:

coderabbit-rate-limits SKILL.md View full skill → Understand and handle CodeRabbit and GitHub API rate limits for review automation. ReadWriteEditBash(gh:*)Bash(curl:*) CodeRabbit Rate Limits Overview CodeRabbit rate limits apply at two levels: (1) CodeRabbit's own processing limits on how many reviews it can run concurrently, and (2) GitHub API rate limits when you build automation that queries CodeRabbit review data. This skill covers both and provides patterns for handling limits gracefully. Prerequisites CodeRabbit installed on repository GitHub CLI (gh) or API access for automation Understanding of GitHub rate limit headers Rate Limit Tiers CodeRabbit Review Processing Factor Limit Notes Concurrent reviews per org Varies by plan Free: 1, Pro: 5, Enterprise: custom Max PR size ~3000 files Larger PRs may timeout Re-review cooldown ~30 seconds Between @coderabbitai full review commands Command rate ~10/minute/repo PR comment commands GitHub API (Affects Automation Scripts) Tier Rate Limit Reset Window Unauthenticated 60 req/hour Rolling Personal Access Token 5,000 req/hour Rolling GitHub App 5,000 req/hour/installation Rolling gh CLI 5,000 req/hour Rolling Instructions Step 1: Check Current GitHub API Rate Limit set -euo pipefail # Check your current rate limit status gh api rate_limit --jq '{ core: { limit: .resources.core.limit, remaining: .resources.core.remaining, reset: (.resources.core.reset | todate) }, search: { limit: .resources.search.limit, remaining: .resources.search.remaining, reset: (.resources.search.reset | todate) } }' Step 2: Handle Rate Limits in Automation Scripts #!/bin/bash # rate-safe-query.sh - GitHub API queries with rate limit awareness set -euo pipefail ORG="${1:?Usage: $0 <org> <repo>}" REPO="${2:?Usage: $0 <org> <repo>}" # Check remaining rate limit before bulk queries REMAINING=$(gh api rate_limit --jq '.resources.core.remaining') echo "GitHub API calls remaining: $REMAINING" if [ "$REMAINING" -lt 100 ]; then RESET=$(gh api rate_limit --jq '.resources.core.reset | todate') echo "WARNING: Low rate limit. Resets at $RESET" echo "Consider waiting or reducing query scope." exit 1 fi # Safe pagination: process in small batches PAGE=1 PER_PAGE=10 while true; do RESULT=$(gh api "repos/$ORG/$REPO/pulls?state=closed&per_page=$PER_PAG

coderabbit-reference-architecture SKILL.md View full skill → Implement CodeRabbit reference architecture with production-grade . ReadWriteEditBash(gh:*)Grep CodeRabbit Reference Architecture Overview Complete reference architecture for CodeRabbit AI code review in a production team. Covers the full configuration file, path-specific review instructions per project type, tool integrations, CI pipeline integration, and the review lifecycle. Use this as a starting template and customize for your team. Architecture Diagram Developer pushes code │ ▼ ┌─────────────────────────┐ │ Pull Request │ │ (targets base branch) │ └─────────┬───────────────┘ │ ▼ ┌─────────────────────────┐ │ CodeRabbit AI Review │ │ Reads: .coderabbit.yaml│ │ from base branch │ │ │ │ Outputs: │ │ ├── Walkthrough summary│ │ ├── Sequence diagrams │ │ ├── Line-level comments│ │ └── Review state │ └─────────┬───────────────┘ │ ┌─────┴──────┐ │ │ ▼ ▼ ┌────────┐ ┌────────────┐ │ APPROVED│ │ CHANGES │ │ │ │ REQUESTED │ └────┬───┘ └─────┬──────┘ │ │ ▼ ▼ Merge Developer fixes (if branch and pushes protection (incremental passes) re-review) Instructions Step 1: Full Reference Configuration # .coderabbit.yaml - Production Reference Architecture # Copy this file and customize for your project. language: "en-US" early_access: false # Tone customization tone_instructions: | Be concise and direct. Use bullet points for multiple suggestions. Include code examples for non-obvious fixes. Rate severity: Critical > Warning > Suggestion > Nitpick. reviews: # Review behavior profile: "assertive" request_changes_workflow: true high_level_summary: true high_level_summary_in_walkthrough: true review_status: true collapse_walkthrough: false sequence_diagrams: true poem: false # Automatic review triggers auto_review: enabled: true drafts: false base_branches: - main - develop - "release/*" ignore_title_keywords: - "WIP" - "DO NOT MERGE" - "chore: bump" - "chore(deps)" # File exclusions (skip files with no review value) path_filters: - "!**/*.lock" - "!**/package-lock.json" - "!**/pnpm-lock.yaml" - "!**/yarn.lock" - "!**/*.snap" - "!**/*.generated.*" - "!**/generated/**" - "!dist/**" - "!build/**" - "!**/*.min.js" - "!**/*.min.css" - "!vendor/**" - "!**/__mocks__/**" - "!**/fixtures/**" # Path-specific review instructions path_instructions: # API layer - path: "src/api/**" instructions: | Review for: - Input validation on all re

coderabbit-sdk-patterns SKILL.md View full skill → Apply production-ready CodeRabbit automation patterns using GitHub API and PR comments. ReadWriteEditBash(gh:*)Bash(node:*) CodeRabbit SDK Patterns Overview CodeRabbit does not have a traditional SDK. You interact with it through .coderabbit.yaml configuration, PR comment commands (@coderabbitai), and the GitHub/GitLab API to process its review output. These patterns show how to automate around CodeRabbit reviews programmatically. Prerequisites CodeRabbit installed on repository (see coderabbit-install-auth) GitHub CLI (gh) or GitHub API access via personal access token Node.js 18+ for automation scripts Instructions Step 1: Fetch CodeRabbit Reviews via GitHub API // scripts/fetch-coderabbit-reviews.ts import { Octokit } from "@octokit/rest"; const octokit = new Octokit({ auth: process.env.GITHUB_TOKEN }); async function getCodeRabbitReview(owner: string, repo: string, prNumber: number) { const reviews = await octokit.pulls.listReviews({ owner, repo, pull_number: prNumber }); const coderabbitReview = reviews.data.find( (r) => r.user?.login === "coderabbitai[bot]" ); if (!coderabbitReview) { console.log("No CodeRabbit review found yet. Review typically takes 2-5 minutes."); return null; } return { state: coderabbitReview.state, // "APPROVED" | "CHANGES_REQUESTED" | "COMMENTED" body: coderabbitReview.body, // Walkthrough summary submittedAt: coderabbitReview.submitted_at, }; } Step 2: Extract Line-Level Comments async function getCodeRabbitComments(owner: string, repo: string, prNumber: number) { const comments = await octokit.pulls.listReviewComments({ owner, repo, pull_number: prNumber, }); const coderabbitComments = comments.data .filter((c) => c.user?.login === "coderabbitai[bot]") .map((c) => ({ file: c.path, line: c.line || c.original_line, body: c.body, severity: categorizeSeverity(c.body), url: c.html_url, })); return coderabbitComments; } function categorizeSeverity(body: string): "critical" | "warning" | "suggestion" { const lower = body.toLowerCase(); if (lower.includes("security") || lower.includes("vulnerability") || lower.includes("injection")) { return "critical"; } if (lower.includes("bug") || lower.includes("error") || lower.includes("issue")) { return "warning"; } return "suggestion"; } Step 3: Post Commands to CodeRabbit via PR Comments // Programmatically trigger CodeRabbit actions async function sendCodeRabbitCommand( owner: string, repo: string, prNumber: number, command: string ) { await octokit.issues.createComment({ owner, r

coderabbit-security-basics SKILL.md View full skill → Configure CodeRabbit for security-focused code review with secret detection and vulnerability scanning. ReadWriteEditBash(gh:*)Grep CodeRabbit Security Basics Overview Configure CodeRabbit to catch security vulnerabilities, hardcoded secrets, and insecure patterns in pull requests. CodeRabbit's AI review can detect security issues that static analysis tools miss because it understands code context and intent. This skill covers security-focused configuration, secret detection instructions, and compliance-oriented review policies. Prerequisites CodeRabbit installed on repository .coderabbit.yaml in repository root Understanding of security requirements for your codebase Security Coverage Category CodeRabbit Detection Complementary Tool Hardcoded secrets Path instructions + AI detection GitHub Secret Scanning, GitLeaks SQL injection Path instructions for DB code SonarCloud, Semgrep XSS vulnerabilities Path instructions for frontend ESLint security plugins Auth bypass Path instructions for auth code Manual review Insecure dependencies Limited (reviews import patterns) Dependabot, Renovate OWASP Top 10 Path instructions covering each risk Dedicated SAST tools Instructions Step 1: Configure Security-Focused Review # .coderabbit.yaml - Security-hardened configuration language: "en-US" reviews: profile: "assertive" request_changes_workflow: true # Block merge on security findings auto_review: enabled: true drafts: false base_branches: [main, develop] # Exclude secrets files from AI processing path_filters: - "!**/.env*" - "!**/credentials*" - "!**/secrets*" - "!**/*.pem" - "!**/*.key" - "!**/*.p12" - "!**/*.pfx" - "!**/serviceAccountKey*" - "!**/terraform.tfstate*" - "!**/*.tfvars" - "!**/*.lock" - "!dist/**" - "!vendor/**" path_instructions: # Global security rules - path: "**" instructions: | SECURITY REVIEW: Flag any of these as HIGH severity: - Hardcoded API keys, tokens, passwords, or connection strings - AWS access keys (AKIA...), GCP service account keys - Private keys or certificates in source code - JWT secrets or signing keys - Database credentials in code (not env vars) - Webhook URLs with tokens in query parameters - Disabled SSL/TLS verification - eval() or equivalent dynamic code execution # API security - path: "src/api/**" instructions: | API security checks: -

coderabbit-upgrade-migration SKILL.md View full skill → Update CodeRabbit configuration for new features, migrate between plans, and adopt new capabilities. ReadWriteEditBash(gh:*)Bash(git:*) CodeRabbit Upgrade & Migration Overview CodeRabbit is a managed SaaS service -- there is no SDK to upgrade. Configuration changes happen by updating .coderabbit.yaml in your repository. This skill covers adopting new CodeRabbit features, upgrading between plans, migrating configuration formats, and staying current with CodeRabbit capabilities. Prerequisites CodeRabbit installed on repository .coderabbit.yaml in repository root Access to CodeRabbit dashboard at app.coderabbit.ai Upgrade Paths From To What Changes Free Pro Private repos, more concurrent reviews, all features Pro Enterprise SSO, dedicated support, SLA, custom limits Old config format New format Updated YAML schema fields Basic config Advanced config Path instructions, learnings, finishing touches Instructions Step 1: Check Current Configuration vs Latest Schema # On any open PR, post this comment: @coderabbitai configuration # CodeRabbit replies with the active config as YAML. # Compare with the latest schema documentation to find: # 1. Deprecated fields you're still using # 2. New fields available that you're not using # 3. Fields with changed default values Step 2: Upgrade Free to Pro Plan # What you gain with Pro: 1. Private repository support (Free = public only) 2. More concurrent reviews (Free = 1, Pro = 5) 3. Learnings (CodeRabbit remembers your feedback preferences) 4. Finishing Touches (auto-generate docstrings, custom recipes) 5. Full path instructions and review customization 6. Priority review processing # Steps: 1. Go to app.coderabbit.ai > Organization > Subscription 2. Select Pro plan 3. Set seat assignment policy (active committers recommended) 4. Add payment method 5. Seats activate immediately for all configured repos Step 3: Adopt New Configuration Features # .coderabbit.yaml - Modern configuration with latest features language: "en-US" early_access: false # Set true to try beta features reviews: profile: "assertive" request_changes_workflow: true high_level_summary: true high_level_summary_in_walkthrough: true # Summary inside walkthrough comment review_status: true collapse_walkthrough: false sequence_diagrams: true # Visual control flow diagrams poem: false auto_review: enabled: true drafts: false base_branches: - main - develop ignore_title_keywords: - "WIP" - "DO NOT MERGE" - "chore: bump" path_filte

coderabbit-webhooks-events SKILL.md View full skill → Implement CodeRabbit webhook signature validation and event handling. ReadWriteEditBash(curl:*) CodeRabbit Webhooks & Events Overview Handle CodeRabbit events triggered through GitHub and GitLab integrations. CodeRabbit posts AI-powered code review comments on pull requests. Prerequisites CodeRabbit installed on your GitHub or GitLab repository GitHub webhook endpoint configured for PR events GitHub App or personal access token for API access .coderabbit.yaml configuration in repository root Event Types Event Source Payload pullrequestreview GitHub webhook Review body, state (approved/changes_requested) pullrequestreview_comment GitHub webhook Line comment, diff position, file path check_run.completed GitHub Checks API CodeRabbit analysis results, conclusion issue_comment.created GitHub webhook Summary comment, walkthrough pull_request.labeled GitHub webhook Labels applied by CodeRabbit Instructions Step 1: Configure GitHub Webhook Receiver import express from "express"; import crypto from "crypto"; const app = express(); app.post("/webhooks/github", express.raw({ type: "application/json" }), async (req, res) => { const signature = req.headers["x-hub-signature-256"] as string; # 256 bytes const secret = process.env.GITHUB_WEBHOOK_SECRET!; const expected = "sha256=" + crypto .createHmac("sha256", secret) .update(req.body) .digest("hex"); if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected))) { return res.status(401).json({ error: "Invalid signature" }); # HTTP 401 Unauthorized } const event = req.headers["x-github-event"] as string; const payload = JSON.parse(req.body.toString()); res.status(200).json({ received: true }); # HTTP 200 OK await routeCodeRabbitEvent(event, payload); } ); Step 2: Filter and Route CodeRabbit Events async function routeCodeRabbitEvent(event: string, payload: any) { const isCodeRabbit = payload?.sender?.login === "coderabbitai[bot]"; if (!isCodeRabbit && event !== "check_run") return; switch (event) { case "pull_request_review": await handleCodeRabbitReview(payload); break; case "pull_request_review_comment": await handleReviewComment(payload); break; case "check_run": if (payload.check_run?.app?.slug === "coderabbitai") { await handleChe

Symptom	Category	Jump To
No review posted on PR	Installation/Permissions	Error 1
Review on some PRs but not others	Configuration	Error 2-4
Too many comments / noise	Tuning	Error 5
Config changes not taking effect	YAML Issues	Error 6
Bot not responding to commands	Interaction	Error 7
Review takes too long	Performance	Error 8

Plan	Price	Includes
Free	$0	Public repos, limited reviews
Pro	~$15/seat/month	Unlimited reviews, all features
Enterprise	Custom	SSO, dedicated support, SLA

Level	Symptom	Response Time	Action
P1	PRs blocked, cannot merge	Immediate	Bypass check, notify team
P2	Reviews not posting	< 1 hour	Diagnose installation
P3	Reviews delayed (> 15 min)	< 4 hours	Check service status
P4	Incorrect reviews	Next business day	Tune configuration

From	Complexity	Duration	Key Challenge
Manual-only reviews	Low	1-2 weeks	Team adoption
Codacy / SonarCloud	Medium	2-3 weeks	Rule translation
DeepSource / Sourcery	Medium	2-3 weeks	Config migration
Custom review bots	High	3-4 weeks	Workflow redesign
Multiple tools	High	4-6 weeks	Consolidation

Metric	Target	Why It Matters
Review coverage	> 90%	PRs without review = blind spots
Time-to-review	< 5 min	Fast feedback keeps developers in flow
Comment acceptance	> 40%	Low acceptance = noisy reviews
Comments per PR	3-8	Too many = fatigue, too few = not useful
Review state: APPROVED	> 60%	High approval = clean code culture

Factor	Impact	You Control?
PR size (lines changed)	Review speed (2-15 min)	Yes -- keep PRs small
Profile (chill/assertive)	Comment volume	Yes -- `.coderabbit.yaml`
Path instructions	Comment relevance	Yes -- `.coderabbit.yaml`
Path filters	Files reviewed	Yes -- `.coderabbit.yaml`
Learnings	Long-term quality	Yes -- via PR comment feedback
CodeRabbit service load	Review latency	No -- check status page

Factor	Limit	Notes
Concurrent reviews per org	Varies by plan	Free: 1, Pro: 5, Enterprise: custom
Max PR size	~3000 files	Larger PRs may timeout
Re-review cooldown	~30 seconds	Between `@coderabbitai full review` commands
Command rate	~10/minute/repo	PR comment commands

Tier	Rate Limit	Reset Window
Unauthenticated	60 req/hour	Rolling
Personal Access Token	5,000 req/hour	Rolling
GitHub App	5,000 req/hour/installation	Rolling
`gh` CLI	5,000 req/hour	Rolling

Category	CodeRabbit Detection	Complementary Tool
Hardcoded secrets	Path instructions + AI detection	GitHub Secret Scanning, GitLeaks
SQL injection	Path instructions for DB code	SonarCloud, Semgrep
XSS vulnerabilities	Path instructions for frontend	ESLint security plugins
Auth bypass	Path instructions for auth code	Manual review
Insecure dependencies	Limited (reviews import patterns)	Dependabot, Renovate
OWASP Top 10	Path instructions covering each risk	Dedicated SAST tools

From	To	What Changes
Free	Pro	Private repos, more concurrent reviews, all features
Pro	Enterprise	SSO, dedicated support, SLA, custom limits
Old config format	New format	Updated YAML schema fields
Basic config	Advanced config	Path instructions, learnings, finishing touches

Event	Source	Payload
`pullrequestreview`	GitHub webhook	Review body, state (approved/changes_requested)
`pullrequestreview_comment`	GitHub webhook	Line comment, diff position, file path
`check_run.completed`	GitHub Checks API	CodeRabbit analysis results, conclusion
`issue_comment.created`	GitHub webhook	Summary comment, walkthrough
`pull_request.labeled`	GitHub webhook	Labels applied by CodeRabbit

coderabbit-pack

Installation

Skills (24)

CodeRabbit CI Integration

Overview

Prerequisites

Instructions

Step 1: Enable CodeRabbit as a Required Status Check

Step 2: Configure Review Approval Behavior

Step 3: Create a Review Gate Workflow

CodeRabbit Common Errors

Overview

Prerequisites

Instructions

Step 1: Identify Your Issue Category

Error 1: No Review Posted on PR

Error 2: Reviews Only on Some Branches

Error 3: Reviews Skip Certain PRs

CodeRabbit Core Workflow A: Automated PR Review

Overview

Prerequisites

Instructions

Step 1: Configure the Review Pipeline

Step 2: Understand the Review Lifecycle

CodeRabbit Core Workflow B: Learnings & Tuning

Overview

Prerequisites

Instructions

Step 1: Configure Code Guidelines

Step 2: Train with Learnings via PR Feedback

Step 3: Customize Review Tone

CodeRabbit Cost Tuning

Overview

Prerequisites

Pricing Model

Instructions

Step 1: Audit Seat Utilization

Step 2: Set Seat Policy to Active Committers Only

Step 3: Focus Reviews on High-Value Repos

Step 4: Exclude Low-Value Files from Reviews

CodeRabbit Data Handling

Overview

Prerequisites

Instructions

Step 1: Exclude Sensitive Files from Review

Step 2: Secret Detection Instructions

Step 3: Review Data Scope Management

CodeRabbit Debug Bundle

Overview

Prerequisites

Instructions

Step 1: Check CodeRabbit Installation Status

Step 2: Validate Configuration

CodeRabbit Deploy Integration

Overview

Prerequisites

Instructions

Step 1: Plan the Rollout

Step 2: Create Organization-Level Configuration

Step 3: Create Team-Specific Repo Configs

CodeRabbit Enterprise RBAC

Overview

Prerequisites

Access Control Model

Instructions

Step 1: Control Repository Access

Step 2: Configure Seat Management

Step 3: Set Organization-Level Defaults

CodeRabbit Hello World

Overview

Prerequisites

Instructions

Step 1: Create Minimal Configuration

Step 2: Add Path-Specific Instructions

Step 3: Create a PR to Trigger Review

Step 4: Interact with CodeRabbit on the PR

Step 5: Try the CLI for Local Reviews (Optional)

CodeRabbit Incident Runbook

Overview

Severity Levels