chore: add CodeRabbit configuration for automated code reviews

[nanotaboada]

• Add .coderabbit.yaml with .NET 8/ASP.NET Core optimizations
• Configure path-based review instructions for layered architecture
• Enable relevant tools (gitleaks, checkov, hadolint, semgrep, etc.)
• Disable 30+ irrelevant language-specific tools for faster reviews
• Add path filters to exclude bin/, obj/, logs/, and generated files
• Configure C# coding standards and xUnit test patterns

Summary by CodeRabbit

• Chores

  • Added comprehensive automated review and pre-merge checks, security and linting scanners, incremental auto-review workflows, and extensive ignore filters for build artifacts.

• Documentation

  • Expanded guidance on review scope, path-based review rules, code-generation defaults, issue enrichment metadata, and project-level quality rules.

• Tests

  • Reinforced expectations for docstrings and unit test coverage, plus standardized test conventions.

• New Features

  • Enabled chat and knowledge-base features and automated issue enrichment.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds a new .coderabbit.yaml with extensive repository-specific review, tool, and automation settings for a .NET 8 / ASP.NET Core Web API project, and updates repository Copilot/test guidance in .github/copilot-instructions.md with explicit xUnit/testing conventions.

Changes

Cohort / File(s)	Change summary
CodeRabbit configuration ​.coderabbit.yaml	New comprehensive YAML configuring language/access/review workflows, path-based review instructions for C# sources (controllers, services, repos, models, validators, tests), ignore filters, auto-review and pre-merge checks, enabled/disabled tools (gitleaks, checkov, hadolint, semgrep, etc.), chat/KB features, and code-generation guidance (XML docstrings, unit tests).
Repository guidance / Copilot instructions .github/.../copilot-instructions.md, .github/copilot-instructions.md	Edits clarify testing guidance: require xUnit attributes ([Fact]/[Theory]), Given_When_Then naming, Arrange/Act/Assert structure comments, and add [Trait("Category","Unit")] for unit tests.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Validate path glob patterns and per-path instruction accuracy in ​.coderabbit.yaml
• Check enabled/disabled tool selections and any tool-specific config blocks (semgrep, hadolint, checkov)
• Review auto-review workflow, incremental review settings, draft handling, and pre-merge warning thresholds
• Confirm test convention edits in .github/copilot-instructions.md align with CI/test frameworks and existing test suites

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title follows Conventional Commits format with 'chore:' prefix, is 62 characters (under 80), and accurately describes the main change: adding CodeRabbit configuration for automated code reviews.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/coderabbit-yaml

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 914ace5 and d9977c5.

📒 Files selected for processing (2)

• .coderabbit.yaml (1 hunks)
• .github/copilot-instructions.md (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/copilot-instructions.md

⏰ Context from checks skipped due to timeout of 120000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: test
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Analyze (csharp)

🔇 Additional comments (6)

.coderabbit.yaml (6)

1-6: LGTM — Basic settings are properly configured for .NET project context.

---

32-122: Comprehensive path-based instructions aligned with .NET best practices — The coverage is thorough and includes appropriate guidance for Controllers, Services, Repositories, Models, Validators, Tests, Dockerfile, and configuration files. Test patterns (xUnit, Moq, FluentAssertions with Given_When_Then naming) and Dockerfile security practices (non-root user, HEALTHCHECK) are solid.

Verify that the glob path patterns (e.g., src/**/Controllers/**/*.cs, test/**/*.cs) match your actual repository directory structure. If your project uses a different layout (e.g., tests/ instead of test/ or flat structure without src/), you may need to adjust these patterns.

---

111-123: LGTM — Path filters appropriately exclude build artifacts (bin/, obj/), generated EF Core files (Designer.cs, ModelSnapshot.cs), migrations, database files, and other non-source assets.

---

124-180: LGTM — Auto-review settings, finishing touches, pre-merge checks, and enabled tools are well-configured. The Conventional Commits format requirement (feat:, fix:, chore:, etc.) is industry-standard. Docstring threshold at 75% is intentionally lenient; confirm this aligns with your team's coverage expectations.

Verify that the 75% docstring threshold is intentional (the default is 80%). If stricter coverage is desired, consider raising it.

---

183-239: LGTM — Explicitly disabling 30+ language-specific tools (Python, PHP, Go, Rust, Ruby, Java, JavaScript, SQL, etc.) is intentional and reduces review noise and execution time. The intent is clear and appropriate for a .NET 8 / ASP.NET Core project.

---

241-295: LGTM — Chat, knowledge base, code generation, and issue enrichment sections are comprehensive. Knowledge base is configured to learn from C#, project files, Dockerfiles, and configuration files. Code generation guidance (XML docstrings, xUnit with Given_When_Then, Moq, FluentAssertions) aligns perfectly with path-based instructions and .NET best practices. Issue enrichment is enabled for automatic metadata enrichment.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.00%	✅ ∅

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (44d1775)	1225	196	16.00%
Head commit (d9977c5)	1225 (+0)	196 (+0)	16.00% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#327)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.coderabbit.yaml (2)

24-26: Minor: auto_apply_labels: true contradicts "chill" review profile.

The "chill" profile (line 9) emphasizes fewer, less strict suggestions. Setting auto_apply_labels: true is assertive behavior—labels are applied without human review. Consider auto_apply_labels: false to maintain a truly "chill" review stance, letting reviewers decide which labels to apply.

---

249-253: Refine code_guidelines filePatterns to be more specific.

The pattern **/*.json is very broad and could match auto-generated, vendored, or third-party JSON files (e.g., package metadata, build output). Consider restricting to hand-authored files:

  code_guidelines:
    enabled: true
    filePatterns:
      - "**/*.cs"
      - "**/*.csproj"
      - "**/Dockerfile"
-     - "**/*.json"
+     - "**/appsettings*.json"
+     - "src/**/*.json"

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 44d1775 and e5eb9bd.

📒 Files selected for processing (1)

• .coderabbit.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 120000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (5)

.coderabbit.yaml (5)

1-30: Comprehensive configuration well-aligned with PR objectives.

The basic structure, review settings, and auto-review configuration appropriately support .NET 8 projects. Profile, finishing touches (docstrings and unit tests enabled), and pre-merge checks (all warning mode) are consistent and reasonable.

---

32-107: Excellent path-specific instructions for layered architecture.

The eight instruction sets (general C#, Controllers, Services, Repositories, Models, Validators, Tests, Dockerfile, appsettings, csproj) provide clear, actionable guidance aligned with .NET best practices. Guidance on async/await, dependency injection, xUnit patterns, and Entity Framework conventions is appropriate.

---

109-120: Path filters sensibly exclude build artifacts and generated files.

The exclusions for bin/, obj/, logs/, Entity Framework migrations (Designer.cs, ModelSnapshot.cs), and lock files are appropriate for a .NET project. This avoids noise from auto-generated code while preserving the ability to review actual source.

---

155-237: Tool selection appropriately balanced: relevant tools enabled, irrelevant ones disabled.

Security tools (gitleaks, checkov, osvScanner), infrastructure tools (hadolint, yamllint, actionlint), and general quality tools (semgrep, markdownlint) are enabled. Disabling 30+ language-specific tools (eslint, ruff, rubocop, detekt, golangci-lint, etc.) is correct and improves review speed. GitHub Checks timeout of 120s (line 173) is reasonable for comprehensive checks.

---

263-282: Code generation guidance appropriately targets C# and xUnit standards.

Path-specific instructions for docstrings use XML documentation comments (///), and unit test instructions correctly specify xUnit [Fact]/[Theory], Moq, FluentAssertions, and naming conventions. Guidance is practical and aligns with .NET community standards.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud