-
Notifications
You must be signed in to change notification settings - Fork 62
Expand file tree
/
Copy path.coderabbit.yaml
More file actions
145 lines (131 loc) · 6.13 KB
/
Copy path.coderabbit.yaml
File metadata and controls
145 lines (131 loc) · 6.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
language: "en-US"
tone_instructions: "Be concise and direct. Focus on correctness, security, and API contract adherence. This is an Auth0 SDK — any deviation from expected authentication/token behaviors is high severity."
early_access: false
reviews:
profile: "assertive"
request_changes_workflow: false
high_level_summary: true
high_level_summary_placeholder: "@coderabbitai summary"
auto_title_placeholder: "@coderabbitai"
review_status: true
commit_status: true
collapse_walkthrough: false
sequence_diagrams: true
auto_review:
enabled: true
drafts: false
base_branches:
- main
- "beta-release/.*"
- "release/.*"
# Ignore generated, example, and lock files
path_filters:
# Example app — not part of the published SDK
- "!**/example/**"
# Appium/E2E test infra
- "!appium-test/**"
# Dart generated files
- "!**/*.g.dart"
- "!**/*.mocks.dart"
- "!**/doc/api/**"
- "!**/.dart_tool/**"
- "!**/.flutter-plugins"
- "!**/.flutter-plugins-dependencies"
# Build outputs
- "!**/build/**"
- "!**/coverage/**"
- "!**/DerivedData/**"
# iOS/macOS symlinks — real source is auth0_flutter/darwin/Classes/
# Reviewing these would duplicate every darwin/ review 2x
- "!auth0_flutter/ios/Classes/**"
- "!auth0_flutter/macos/Classes/**"
# iOS/macOS generated
- "!**/Pods/**"
- "!**/Flutter/ephemeral/**"
- "!**/Flutter/Generated.xcconfig"
- "!**/Flutter/flutter_export_environment.sh"
- "!**/GeneratedPluginRegistrant.*"
# Android generated
- "!**/.gradle/**"
- "!**/local.properties"
- "!**/GeneratedPluginRegistrant.java"
- "!**/*.class"
# Windows generated
- "!**/flutter/ephemeral/**"
# Lock files and package caches
- "!**/*.lock"
- "!**/node_modules/**"
# Windows native deps
- "!**/vcpkg/**"
- "!**/vcpkg-binary-cache/**"
path_instructions:
# Dart/Flutter — both packages
- path: "**/*.dart"
instructions: |
- Enforce strict Dart analysis: strict-casts, strict-inference, strict-raw-types are all enabled.
- Flag any missing null checks and unsafe casts (use `is` checks/pattern matching before casting; use `as` only after guards).
- Prefer `final` for local variables and parameters.
- Public APIs must have type annotations.
- `unawaited_futures` is an error — every async call must be awaited or explicitly `unawaited(...)`.
- Lines must not exceed 80 characters.
- Check that new public symbols are covered by tests.
# Platform interface — contract stability is critical
- path: "auth0_flutter_platform_interface/**/*.dart"
instructions: |
- Platform interface changes are breaking API changes. Flag any removal or signature change of public methods.
- New methods added to the platform interface must have a default implementation or be abstract with a clear migration path.
- Ensure method channel argument names and types stay consistent with native implementations.
# Android/Kotlin
- path: "auth0_flutter/android/**/*.kt"
instructions: |
- Avoid force-casts (`as Type`) — use safe casts (`as? Type`) and handle null/failure cases explicitly.
- ClassCastException from unsafe casts in MethodChannel handlers has caused crashes in the past — treat any unchecked cast as a bug.
- Ensure all MethodChannel result callbacks (`result.success`, `result.error`, `result.notImplemented`) are called exactly once per invocation.
- Auth errors must be surfaced through `result.error`, never swallowed silently.
- minSdk is 21; avoid APIs above that level without version guards.
# iOS/macOS Swift — real source is darwin/; ios/ and macos/ are symlinks excluded above
- path: "auth0_flutter/darwin/**/*.swift"
instructions: |
- This is shared iOS/macOS code — changes apply to both platforms (iOS 14.0+, macOS 11.0+).
- Force-unwraps (`!`) are not acceptable in MethodChannel handlers — use guard/if-let.
- All FlutterResult callbacks must be invoked exactly once.
- Auth errors must propagate to Flutter as `FlutterError`, never silently dropped.
- Flag any API usage above iOS 14.0 or macOS 11.0 without availability guards.
# Windows C++
- path: "auth0_flutter/windows/**/*.cpp"
instructions: |
- All MethodChannel result callbacks must be called exactly once.
- Auth errors must surface to Flutter, not be silently ignored.
- Flag any raw pointer usage that could leak or dangle — prefer smart pointers.
# Web Dart
- path: "auth0_flutter/lib/src/web/**"
instructions: |
- Web implementation wraps auth0-spa-js — verify any token/session behavior matches the JS SDK contract.
- Browser security: check for XSS risks in any HTML/JS interop.
# CI/CD
- path: ".github/workflows/**"
instructions: |
- All actions must be pinned to a full commit SHA, not a mutable tag.
- Secrets must use `${{ secrets.NAME }}` syntax, never hardcoded.
- Permissions block should follow least-privilege — flag any `write-all` or unnecessary write permissions.
- Check that new jobs are added to the `upload-coverage.needs` list if they produce coverage.
# Pubspec files
- path: "**/pubspec.yaml"
instructions: |
- Dependency version bumps that cross a major version are breaking changes — flag them prominently.
- `secure_pubspec_urls` lint is enabled — all URLs must use HTTPS.
- Check that `version` fields in auth0_flutter and auth0_flutter_platform_interface are bumped consistently when the interface changes.
# Changelogs
- path: "**/CHANGELOG.md"
instructions: |
- Entries must follow Keep a Changelog format.
- PR title prefixes are `af:` (auth0_flutter) and `afpi:` (auth0_flutter_platform_interface) — verify the correct changelog is updated.
chat:
auto_reply: true
knowledge_base:
opt_out: false
web_search:
enabled: true
learnings:
scope: auto