chore: add CodeRabbit configuration

[DevHDI]

Summary

• add a root .coderabbit.yaml tailored to MyBMAD
• configure focused review instructions for server actions, auth, Prisma, GitHub, BMAD parsers, local filesystem provider, Tailwind UI, CI, Docker, and docs
• exclude generated/local/vendor artifacts from CodeRabbit noise

Validation

• parsed .coderabbit.yaml locally with js-yaml

Summary by CodeRabbit

• Chores
  • Enhanced code review configuration and tooling setup to improve quality assurance processes.

[coderabbitai]

Warning

Ignoring CodeRabbit configuration file changes. For security, only the configuration from the base branch is applied for open source repositories.

📝 Walkthrough

Walkthrough

This PR adds a comprehensive .coderabbit.yaml configuration file establishing global review and reporting behavior, auto-review with incremental updates, path-specific review instructions across server actions, APIs, middleware, auth, databases, UI components, and testing. It enables pre-merge validation checks for code contracts and CSS conventions, configures linters and security tools, and sets up code generation and knowledge base features.

Changes

CodeRabbit Repository Configuration

Layer / File(s)	Summary
Global Configuration and Auto-Review Behavior .coderabbit.yaml	Top-level language and locale, review reporting flags, commit-status handling, auto-review enablement with incremental review on drafts, base branch configuration, keyword-based review skipping with !skip-review label, and slop detection with needs-triage labeling.
Path-Specific Review Instructions and Pre-Merge Checks .coderabbit.yaml	Labeling instructions, path filter exclusions, and extensive path-specific review criteria prescribing evaluation standards for server actions, app/API routes, middleware, authentication, Prisma database operations, content-provider filesystem safety, GitHub integration, BMAD parsing robustness, React component patterns, Tailwind CSS v4 conventions, dashboard page isolation, test coverage, CI workflow validation, Docker configurations, build scripts, and documentation/lockfiles. Pre-merge warning-mode custom checks enforce server-action contracts, auth/data isolation boundaries, and Tailwind v4 adherence.
Tooling, Chat Automation, and Code Generation .coderabbit.yaml	Enables CodeRabbit GitHub checks and configures a comprehensive tooling suite (eslint, actionlint, shellcheck, hadolint, gitleaks, trufflehog, osvScanner, yamllint, markdownlint, dotenvLint), disables biome, configures chat auto-replies, enables knowledge base with local scopes and web search, and defines code generation instructions for automatic docstring and unit-test generation with path-specific guidance for TypeScript, BMAD parsing, content-provider filesystem operations, and server actions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A rabid rabbit hops with glee,
Configuration rules, so perfectly free!
Path by path, the checks align,
Tools and tests now intertwine,
CodeRabbit's burrow, safe and fine! 🐇

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: add CodeRabbit configuration' directly and accurately summarizes the main change—adding a CodeRabbit configuration file to the repository.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.coderabbit.yaml (1)

282-282: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Remove stray line number.

Line 282 contains only 282, which is invalid YAML syntax. This appears to be a stray line number or paste artifact.

🔧 Proposed fix

-282

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.coderabbit.yaml at line 282, Remove the stray line containing only "282"
from the YAML file (it's an invalid YAML artifact); open the file, locate the
lone line with the text "282" and delete it so the YAML parses correctly, then
run a YAML lint/validator to confirm no syntax issues remain.

🧹 Nitpick comments (1)

.coderabbit.yaml (1)

217-218: 💤 Low value

GitHub checks timeout set to maximum.

The timeout_ms: 900000 (15 minutes) is at the schema maximum. This extends review wait times but ensures slow CI pipelines complete. Confirm this duration matches your CI performance needs.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.coderabbit.yaml around lines 217 - 218, The config sets the GitHub checks
timeout to the schema maximum via the timeout_ms field (timeout_ms: 900000)
alongside enabled: true; update timeout_ms to a value that matches your CI
performance needs (reduce from 900000 if 15 minutes is longer than required) or
document/justify the 900000 value, and ensure any related CI workflows or retry
logic reference this adjusted timeout so slow pipelines are handled without
unnecessarily long review waits.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In @.coderabbit.yaml:
- Line 282: Remove the stray line containing only "282" from the YAML file (it's
an invalid YAML artifact); open the file, locate the lone line with the text
"282" and delete it so the YAML parses correctly, then run a YAML lint/validator
to confirm no syntax issues remain.

---

Nitpick comments:
In @.coderabbit.yaml:
- Around line 217-218: The config sets the GitHub checks timeout to the schema
maximum via the timeout_ms field (timeout_ms: 900000) alongside enabled: true;
update timeout_ms to a value that matches your CI performance needs (reduce from
900000 if 15 minutes is longer than required) or document/justify the 900000
value, and ensure any related CI workflows or retry logic reference this
adjusted timeout so slow pipelines are handled without unnecessarily long review
waits.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 34c12957-688e-46e9-a572-dbe845bc4fb2

📥 Commits

Reviewing files that changed from the base of the PR and between 575f6f5 and 207243d.

📒 Files selected for processing (1)

• .coderabbit.yaml