feat: improve coderabbit workflow

[animeshk923]

Description
This PR introduces a more exhaustive and dependable coderabbit configuration along with a PR review checklist to aid us.

Related issue(s)
Resolves #5291

Summary by CodeRabbit

• Documentation

  • Added a PR review checklist with guidance on titles, descriptions, comments, tests, review scope, and deployment evidence.

• Chores

  • Enabled enhanced automated review and status reporting (auto-review, incremental reviews, review/commit/changed-files summaries, related issues/PRs).
  • Enforced stricter pre-merge title checks using Conventional Commits imperative-mood rules.
  • Enabled knowledge-base web search and automatic detection of code guidelines; configured certain bots to be ignored.

[netlify]

✅ Deploy Preview for asyncapi-website ready!

Built without sensitive environment variables

Name	Link
🔨 Latest commit	328d232
🔍 Latest deploy log	https://app.netlify.com/projects/asyncapi-website/deploys/69e5af94a46a5d000841880e
😎 Deploy Preview	https://deploy-preview-5294--asyncapi-website.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6d25ca61-71b8-4ae5-a9ac-cc705fe30241

📥 Commits

Reviewing files that changed from the base of the PR and between 7f6dce6 and 328d232.

📒 Files selected for processing (1)

• .github/pr-review-checklist.md

✅ Files skipped from review due to trivial changes (1)

• .github/pr-review-checklist.md

---

📝 Walkthrough

Walkthrough

Updated CodeRabbit review configuration to enable knowledge-base awareness, stricter pre-merge title enforcement (Conventional Commits imperative mood), additional automated review outputs, and added a new PR review checklist documenting reviewer expectations and conventions. (33 words)

Changes

Cohort / File(s)	Summary
CodeRabbit configuration \.coderabbit\.yaml	Replaced review settings: disabled poem, suggested_reviewers, suggested_labels, sequence_diagrams; enabled high_level_summary placeholder, profile: chill, auto_review with auto_incremental_review: true; ignore bots (dependabot, asyncapi-bot); enabled review_status, commit_status, changed_files_summary, assess_linked_issues, related_issues, related_prs; added pre_merge_checks.title with mode: error enforcing Conventional Commits imperative mood; enabled knowledge_base (web_search), code_guidelines auto-detection (.github/pr-review-checklist.md, CONTRIBUTING.md), and mcp usage:auto.
Review documentation .github/pr-review-checklist.md	New PR review checklist defining reviewer responsibilities: PR title/description conventions (including Resolves/Fixes #...), testing evidence, JSDoc/comments standards, DRY expectations, test coverage/edge cases, commit history guidance, PR scoping advice, and handling bot comments.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I nibble on config, tidy each thread,
I plant a checklist where reviewers tread.
A hop for the rules, a skip for the rest—
Merge-ready fields, dressed in their best! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: improving the CodeRabbit workflow configuration. It directly relates to the primary objective of making CodeRabbitAI more effective through configuration updates.
Linked Issues check	✅ Passed	The pull request fully addresses both implementation requirements from issue #5291: updating the CodeRabbit YAML configuration with knowledge-base features and adding a PR review checklist for CodeRabbit.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with the linked issue objectives. The .coderabbit.yaml enhancements and .github/pr-review-checklist.md addition both match the specified implementation requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[asyncapi-bot]

⚡️ Lighthouse report for the changes in this PR:

Category	Score
🔴 Performance	47
🟢 Accessibility	98
🟢 Best practices	92
🟢 SEO	100
🔴 PWA	33

Lighthouse ran on https://deploy-preview-5294--asyncapi-website.netlify.app/

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (6319719) to head (328d232).
⚠️ Report is 30 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##            master     #5294   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           22        22           
  Lines          830       830           
  Branches       159       159           
=========================================
  Hits           830       830           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.github/pr-review-checklist.md (1)

19-19: Consider adding supported PR slash commands to the checklist.

A short note with /ptal, /rtm, /dnm, /au, and /u would make reviewer actions more discoverable.

Based on learnings: The following PR commands are supported in this repository: /please-take-a-look (/ptal), /ready-to-merge (/rtm), /do-not-merge (/dnm), /autoupdate (/au), /update (/u).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/pr-review-checklist.md at line 19, Add a short note under the "Bot
Comments" checklist item listing the supported PR slash commands and their
aliases so reviewers can discover them easily; explicitly include the mappings:
/please-take-a-look (/ptal), /ready-to-merge (/rtm), /do-not-merge (/dnm),
/autoupdate (/au), and /update (/u), phrased as a single-line bullet or
parenthetical note.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.coderabbit.yaml:
- Line 23: Update the .coderabbit.yaml "requirements" value to remove the
Generator-specific clause that starts with "In Generator," so the enforced title
policy no longer demands Generator-prefixed commit titles; edit the requirements
string (and keep the existing "mode: error" behavior) to only require a concise
Conventional Commits-style imperative title (e.g., start with "feat:" or "fix:"
when relevant) and ensure no repository-specific Generator text remains that can
cause false pre-merge failures.
- Line 13: Update the ignore_usernames list so it includes the AsyncAPI
automation account: add "asyncapi-bot-eve" to the existing ignore_usernames
array (the YAML key ignore_usernames) so the entry becomes [dependabot,
asyncapi-bot, asyncapi-bot-eve]; ensure proper YAML quoting/commas if needed and
keep the same spacing/style as the surrounding file.

---

Nitpick comments:
In @.github/pr-review-checklist.md:
- Line 19: Add a short note under the "Bot Comments" checklist item listing the
supported PR slash commands and their aliases so reviewers can discover them
easily; explicitly include the mappings: /please-take-a-look (/ptal),
/ready-to-merge (/rtm), /do-not-merge (/dnm), /autoupdate (/au), and /update
(/u), phrased as a single-line bullet or parenthetical note.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: cc5025bc-ec99-4f4d-a662-0b7f013f6249

📥 Commits

Reviewing files that changed from the base of the PR and between 6319719 and 294df52.

📒 Files selected for processing (2)

• .coderabbit.yaml
• .github/pr-review-checklist.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify actual PR author logins used in asyncapi/website (read-only).
# Expected: confirm exact bot logins, then mirror them in reviews.auto_review.ignore_usernames.

gh api repos/asyncapi/website/pulls --paginate -q '.[].user.login' \
  | sort -u \
  | rg -n 'dependabot|asyncapi-bot'

Repository: asyncapi/website

Length of output: 90

---

🏁 Script executed:

# Search for bot references in the repository structure
find . -type f \( -name "*.yml" -o -name "*.yaml" -o -name "*.md" \) | head -20

Repository: asyncapi/website

Length of output: 960

---

🏁 Script executed:

# Look for workflow files that might mention bots
fd -e yml -e yaml .github/workflows/ 2>/dev/null | xargs grep -l "dependabot\|asyncapi-bot" 2>/dev/null || echo "No matches found"

Repository: asyncapi/website

Length of output: 76

---

🏁 Script executed:

# Search for any mentions of bot usernames in the codebase
rg "dependabot|asyncapi-bot" -t yml -t yaml -t md 2>/dev/null || echo "No matches found"

Repository: asyncapi/website

Length of output: 76

---

🌐 Web query:

GitHub bot usernames naming conventions dependabot asyncapi-bot exact format

💡 Result:

GitHub bot usernames follow a convention of ending with -bot or [bot]. Dependabot uses dependabot-bot (commit signing account for the Dependabot app, github.com/dependabot-bot). asyncapi-bot is the top contributor to AsyncAPI repositories like asyncapi/chatbot (github.com/asyncapi/chatbot contributors). No strict official format is documented in GitHub docs; common practice is descriptive name + "-bot" for identification as a bot account. GitHub usernames allow alphanumeric characters and hyphens, no underscores generally (except internal uses). Branch names for Dependabot PRs follow "dependabot/{packageManager}/{targetBranch}/{dependencyName}-{version}", configurable via dependabot.yml (e.g., separator: space or hyphen).

Citations:

• 1: https://github.com/dependabot-bot
• 2: https://github.com/dependabot/dependabot-core
• 3: https://github.com/asyncapi/chatbot
• 4: https://github.com/asyncapi-bot-eve
• 5: Provide option to configure format of branch name dependabot/dependabot-core#396
• 6: https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference
• 7: https://medium.com/towardsdev/github-naming-conventions-best-practices-for-clean-and-professional-repos-88cee3127c5b
• 8: https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication
• 9: https://docs.github.com/en/enterprise-cloud@latest/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication
• 10: Allow "underscore" in username? isaacs/github#906

---

🏁 Script executed:

# Check if there's any CONTRIBUTING or documentation mentioning bots
fd -t f \( -name "CONTRIBUTING*" -o -name "AUTHOR*" -o -name "README*" \) | xargs grep -l "bot\|dependabot" 2>/dev/null || echo "No docs found mentioning bots"

Repository: asyncapi/website

Length of output: 337

---

🏁 Script executed:

# Search for any references to bot accounts in the entire repo
rg "asyncapi-bot|dependabot" -i --max-count 20 2>/dev/null || echo "No references found"

Repository: asyncapi/website

Length of output: 2328

---

🏁 Script executed:

# Check the .coderabbit.yaml file to see full context
cat -n .coderabbit.yaml | head -30

Repository: asyncapi/website

Length of output: 1280

---

🌐 Web query:

asyncapi-bot-eve GitHub AsyncAPI project bot username

💡 Result:

The GitHub username for the asyncapi-bot-eve, which is an official bot for the AsyncAPI project named after their mascot Eve, is asyncapi-bot-eve. It handles automation tasks like managing global GitHub Actions workflows across AsyncAPI repositories, as part of the @asyncapi/bots team. Repositories need to add @asyncapi-bot-eve to their CODEOWNERS file for automatic PR approvals from the bot.

Citations:

• 1: https://github.com/asyncapi-bot-eve
• 2: https://asyncapi.com/docs/community/000-onboarding/github-actions
• 3: https://www.asyncapi.com/blog/asyncapi-mascot-redesign

---

Add asyncapi-bot-eve to the ignore_usernames list.

Line 13 is missing asyncapi-bot-eve, which is the official AsyncAPI bot listed in CODEOWNERS and governance documentation as actively used for GitHub Actions automation. The configuration should be:

ignore_usernames: [dependabot, asyncapi-bot, asyncapi-bot-eve]

This ensures auto-review is skipped for both dependabot and the AsyncAPI bot accounts. The current configuration will still trigger auto-reviews for PRs from asyncapi-bot-eve.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.coderabbit.yaml at line 13, Update the ignore_usernames list so it includes
the AsyncAPI automation account: add "asyncapi-bot-eve" to the existing
ignore_usernames array (the YAML key ignore_usernames) so the entry becomes
[dependabot, asyncapi-bot, asyncapi-bot-eve]; ensure proper YAML quoting/commas
if needed and keep the same spacing/style as the surrounding file.

[animeshk923]

Should this be implemented?

[coderabbitai]

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check actual PR authors that are bots in asyncapi/website
gh api "repos/asyncapi/website/pulls?state=all&per_page=50" \
  -q '.[].user | select(.type == "Bot" or (.login | test("bot"; "i"))) | .login' \
  | sort | uniq -c | sort -rn | head -20

Length of output: 44

---

@animeshk923 Based on checking the last 50 PRs in asyncapi/website, the only bot accounts that actually open PRs are:

Bot	PRs (recent 50)
asyncapi-bot	15
dependabot[bot]	12
asyncapi-bot-eve	0

asyncapi-bot-eve operates as a reviewer/approver (via CODEOWNERS), not as a PR author, so adding it to ignore_usernames would have no practical effect for this repository.

You can safely skip this suggestion. The current configuration already covers the bots that actually open PRs here.

One minor note for awareness: the actual GitHub login for Dependabot is dependabot[bot], but CodeRabbit's ignore_usernames matching is case-insensitive and handles the [bot] suffix, so the existing dependabot entry works correctly.

---

🧠 Learnings used

Learnt from: akshatnema
Repo: asyncapi/website PR: 3298
File: .coderrabbit.yml:2-2
Timestamp: 2024-10-23T09:13:57.844Z
Learning: When a user prefers detailed reviews including nitpicks, set `reviews.profile` to `"assertive"` in the `.coderrabbit.yml` configuration file.

---

Learnt from: akshatnema
Repo: asyncapi/website PR: 3265
File: tests/fixtures/toolsObjectData.js:51-52
Timestamp: 2024-10-09T17:35:36.557Z
Learning: When reviewing code in the 'asyncapi/website' repository, akshatnema prefers that I do not provide committable code suggestions.

---

Learnt from: asyncapi-bot
Repo: asyncapi/website PR: 0
File: :0-0
Timestamp: 2025-02-18T12:07:42.211Z
Learning: The following PR commands are supported in the asyncapi/website repository:
- `/please-take-a-look` or `/ptal`: Requests attention from reviewers who haven't reviewed the PR
- `/ready-to-merge` or `/rtm`: Triggers automerge when all conditions are met
- `/do-not-merge` or `/dnm`: Blocks automerge even if all conditions are met
- `/autoupdate` or `/au`: Adds autoupdate label to keep PR in sync with target branch
- `/update` or `/u`: One-time update of PR with latest changes from target branch

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[princerajpoot20]

@animeshk923 not needed. asyncapi-bot-eve does not creats pr

[princerajpoot20]

In this checklist, please add the most important point: attaching testing evidence from the temporary deployment link. This should be mandatory.

Even if your code is just a refactoring and does not add any new features, you should still provide testing evidence for the parts of the code you modified to ensure there are no regressions.

Hence, please add this point.

[animeshk923]

what do we mean and consider as a testing evidence here?

[animeshk923]

resolved through 328d232

[princerajpoot20]

@animeshk923 any update on this one? i have answered your query over slack. Let me know if you need more clarification

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[animeshk923]

@animeshk923 any update on this one? i have answered your query over slack. Let me know if you need more clarification

Applied the suggestion from #5294 (comment) via 328d232