Skip to content

Commit eef8617

Browse files
chore: add CodeRabbit configuration (#860)
1 parent 13af0ac commit eef8617

1 file changed

Lines changed: 144 additions & 0 deletions

File tree

.coderabbit.yaml

Lines changed: 144 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,144 @@
1+
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
2+
language: "en-US"
3+
tone_instructions: "Be concise and direct. Focus on correctness, security, and API contract adherence. This is an Auth0 SDK — any deviation from expected authentication/token behaviors is high severity."
4+
early_access: false
5+
6+
reviews:
7+
profile: "assertive"
8+
request_changes_workflow: false
9+
high_level_summary: true
10+
high_level_summary_placeholder: "@coderabbitai summary"
11+
auto_title_placeholder: "@coderabbitai"
12+
review_status: true
13+
commit_status: true
14+
collapse_walkthrough: false
15+
sequence_diagrams: true
16+
17+
auto_review:
18+
enabled: true
19+
drafts: false
20+
base_branches:
21+
- main
22+
- "beta-release/**"
23+
- "release/**"
24+
25+
# Ignore generated, example, and lock files
26+
path_filters:
27+
# Example app — not part of the published SDK
28+
- "!**/example/**"
29+
# Appium/E2E test infra
30+
- "!appium-test/**"
31+
# Dart generated files
32+
- "!**/*.g.dart"
33+
- "!**/*.mocks.dart"
34+
- "!**/doc/api/**"
35+
- "!**/.dart_tool/**"
36+
- "!**/.flutter-plugins"
37+
- "!**/.flutter-plugins-dependencies"
38+
# Build outputs
39+
- "!**/build/**"
40+
- "!**/coverage/**"
41+
- "!**/DerivedData/**"
42+
# iOS/macOS symlinks — real source is auth0_flutter/darwin/Classes/
43+
# Reviewing these would duplicate every darwin/ review 2x
44+
- "!auth0_flutter/ios/Classes/**"
45+
- "!auth0_flutter/macos/Classes/**"
46+
# iOS/macOS generated
47+
- "!**/Pods/**"
48+
- "!**/Flutter/ephemeral/**"
49+
- "!**/Flutter/Generated.xcconfig"
50+
- "!**/Flutter/flutter_export_environment.sh"
51+
- "!**/GeneratedPluginRegistrant.*"
52+
# Android generated
53+
- "!**/.gradle/**"
54+
- "!**/local.properties"
55+
- "!**/GeneratedPluginRegistrant.java"
56+
- "!**/*.class"
57+
# Windows generated
58+
- "!**/flutter/ephemeral/**"
59+
# Lock files and package caches
60+
- "!**/*.lock"
61+
- "!**/node_modules/**"
62+
# Windows native deps
63+
- "!**/vcpkg/**"
64+
- "!**/vcpkg-binary-cache/**"
65+
66+
path_instructions:
67+
# Dart/Flutter — both packages
68+
- path: "**/*.dart"
69+
instructions: |
70+
- Enforce strict Dart analysis: strict-casts, strict-inference, strict-raw-types are all enabled.
71+
- Flag any missing null checks and unsafe casts (use `is` checks/pattern matching before casting; use `as` only after guards).
72+
- Prefer `final` for local variables and parameters.
73+
- Public APIs must have type annotations.
74+
- `unawaited_futures` is an error — every async call must be awaited or explicitly `unawaited(...)`.
75+
- Lines must not exceed 80 characters.
76+
- Check that new public symbols are covered by tests.
77+
78+
# Platform interface — contract stability is critical
79+
- path: "auth0_flutter_platform_interface/**/*.dart"
80+
instructions: |
81+
- Platform interface changes are breaking API changes. Flag any removal or signature change of public methods.
82+
- New methods added to the platform interface must have a default implementation or be abstract with a clear migration path.
83+
- Ensure method channel argument names and types stay consistent with native implementations.
84+
85+
# Android/Kotlin
86+
- path: "auth0_flutter/android/**/*.kt"
87+
instructions: |
88+
- Avoid force-casts (`as Type`) — use safe casts (`as? Type`) and handle null/failure cases explicitly.
89+
- ClassCastException from unsafe casts in MethodChannel handlers has caused crashes in the past — treat any unchecked cast as a bug.
90+
- Ensure all MethodChannel result callbacks (`result.success`, `result.error`, `result.notImplemented`) are called exactly once per invocation.
91+
- Auth errors must be surfaced through `result.error`, never swallowed silently.
92+
- minSdk is 21; avoid APIs above that level without version guards.
93+
94+
# iOS/macOS Swift — real source is darwin/; ios/ and macos/ are symlinks excluded above
95+
- path: "auth0_flutter/darwin/**/*.swift"
96+
instructions: |
97+
- This is shared iOS/macOS code — changes apply to both platforms (iOS 14.0+, macOS 11.0+).
98+
- Force-unwraps (`!`) are not acceptable in MethodChannel handlers — use guard/if-let.
99+
- All FlutterResult callbacks must be invoked exactly once.
100+
- Auth errors must propagate to Flutter as `FlutterError`, never silently dropped.
101+
- Flag any API usage above iOS 14.0 or macOS 11.0 without availability guards.
102+
103+
# Windows C++
104+
- path: "auth0_flutter/windows/**/*.cpp"
105+
instructions: |
106+
- All MethodChannel result callbacks must be called exactly once.
107+
- Auth errors must surface to Flutter, not be silently ignored.
108+
- Flag any raw pointer usage that could leak or dangle — prefer smart pointers.
109+
110+
# Web Dart
111+
- path: "auth0_flutter/lib/src/web/**"
112+
instructions: |
113+
- Web implementation wraps auth0-spa-js — verify any token/session behavior matches the JS SDK contract.
114+
- Browser security: check for XSS risks in any HTML/JS interop.
115+
116+
# CI/CD
117+
- path: ".github/workflows/**"
118+
instructions: |
119+
- All actions must be pinned to a full commit SHA, not a mutable tag.
120+
- Secrets must use `${{ secrets.NAME }}` syntax, never hardcoded.
121+
- Permissions block should follow least-privilege — flag any `write-all` or unnecessary write permissions.
122+
- Check that new jobs are added to the `upload-coverage.needs` list if they produce coverage.
123+
124+
# Pubspec files
125+
- path: "**/pubspec.yaml"
126+
instructions: |
127+
- Dependency version bumps that cross a major version are breaking changes — flag them prominently.
128+
- `secure_pubspec_urls` lint is enabled — all URLs must use HTTPS.
129+
- Check that `version` fields in auth0_flutter and auth0_flutter_platform_interface are bumped consistently when the interface changes.
130+
131+
# Changelogs
132+
- path: "**/CHANGELOG.md"
133+
instructions: |
134+
- Entries must follow Keep a Changelog format.
135+
- PR title prefixes are `af:` (auth0_flutter) and `afpi:` (auth0_flutter_platform_interface) — verify the correct changelog is updated.
136+
137+
chat:
138+
auto_reply: true
139+
140+
knowledge_base:
141+
opt_out: false
142+
web_search: true
143+
learnings:
144+
scope: auto

0 commit comments

Comments
 (0)