This repo holds the org-wide CodeRabbit configuration for every repository in the Open Paws GitHub organization. A single .coderabbit.yaml here applies automatically to any repo that does not define its own. It enforces compassionate language rules, secret scanning, test quality standards, and movement-correct terminology on every pull request across the ecosystem.
Note
Open Paws is a 501(c)(3) nonprofit building open-source infrastructure for animal liberation. CodeRabbit runs at the org level so that advocacy-domain standards — farmed animal terminology, three-adversary security, and mutation-tested quality gates — are consistent across all campaigns, investigation tooling, platform code, and agent infrastructure without needing to configure each repo individually.
| File | Purpose |
|---|---|
| `.coderabbit.yaml` | Org-wide CodeRabbit defaults |
| `semgrep-no-animal-violence.yaml` | Imports the full no-animal-violence rule set for Semgrep |
| `.pre-commit-config.yaml` | Pre-commit hook: runs no-animal-violence check locally |
- Profile: assertive — flags actionable issues without verbosity
- `request_changes_workflow: true` — CodeRabbit can block merges; required for the Wave 0 auto-merge gate
- High-level PR summary enabled; effort estimation enabled; decorative poem disabled
- Auto-incremental reviews on each push; draft PRs skipped
- Skips reviews for PRs titled `WIP` or `DO NOT MERGE`
- Ignores `dependabot[bot]` and `renovate[bot]` commits
CodeRabbit suggests (does not auto-apply) two labels:
| Label | Trigger |
|---|---|
| `security` | Changes touching authentication, secrets, or coalition/activist data |
| `breaking-change` | Removals or alterations of public API contracts, endpoints, or schemas |
- `dist/**`, `node_modules/**`
- `**/*.lock`, `**/*.generated.*`
- `.claude/worktrees/**`
| Path pattern | What CodeRabbit checks |
|---|---|
| `**/*.test.{ts,js,py}` | Three-question test quality: would it fail on breakage? does it encode a domain rule? would mutation testing kill it? Rejects snapshot traps, coverage theater, and happy-path-only tests. |
| `.claude/**` | Scans for hidden Unicode (Rules File Backdoor attack). Flags hooks that expand scope. Confirms no activist identities or investigation names are embedded in instruction files. |
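A minimal sketch of the kind of hidden-Unicode scan the `.claude/**` row describes, added here as an illustration; it is not CodeRabbit's or Open Paws' own implementation. The character sets, function names, and the constructed sample text are assumptions.

```python
import unicodedata

# Code points that render as nothing, or reorder text, in editors and diff views.
BIDI = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A)) | {0x200E, 0x200F, 0x061C}
ZERO_WIDTH = {0x00AD, 0x180E, 0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF}
TAGS = range(0xE0000, 0xE0080)  # Unicode tag block: invisible ASCII look-alikes


def classify(ch):
    """Return a label for an invisible or direction-altering character, else None."""
    cp = ord(ch)
    if cp in BIDI:
        return "bidi-control"
    if cp in ZERO_WIDTH:
        return "zero-width"
    if cp in TAGS:
        return "tag-character"
    if unicodedata.category(ch) == "Cf":  # any other format character
        return "format-character"
    return None


def scan_text(text):
    """Return (line, column, code point, label) for every hidden character."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if (lineno, col, ch) == (1, 1, "\ufeff"):
                continue  # a leading byte-order mark is legitimate
            label = classify(ch)
            if label:
                findings.append((lineno, col, f"U+{ord(ch):04X}", label))
    return findings


# Constructed sample of an instruction file; escapes keep the hidden characters visible here.
SAMPLE = (
    "# Agent rules\n"
    "Use primary/replica terminology.\u200b\u200d\n"
    "Never log witness names.\u202e\n"
    "Follow the repo style guide.\U000e0041\n"
)

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(*finding)
```

U+200D also joins emoji sequences, so a hit in a file that legitimately contains emoji needs a human look before it is treated as a backdoor attempt.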
Two custom checks run as errors and block merge:
- No hardcoded secrets — fails if any non-test file contains API keys, tokens, passwords, database URLs, or service account credentials
- No speciesist idioms — fails if code, comments, variable names, or docs contain terms from the no-animal-violence pattern list
PR title format is checked as a warning (imperative verb, under 70 characters).
| Avoid | Use instead |
|---|---|
| livestock | farmed animals |
| master / slave | primary / replica |
| whitelist / blacklist | allowlist / denylist |
| cattle vs. pets | ephemeral vs. persistent |
| kill two birds with one stone | accomplish two things at once |
| guinea pig | test subject |
| farm (industry euphemism) | factory farm |
Full pattern list: Open-Paws/no-animal-violence
| Tool | Purpose |
|---|---|
| Semgrep | Runs semgrep-no-animal-violence.yaml — the full Open Paws no-animal-violence rule set |
| TruffleHog | Secret scanning on every PR |
| GitHub Checks | CI status integration (90 s timeout) |
| LanguageTool | Default-level prose linting |
- Reads `CLAUDE.md` and `AGENTS.md` files in each repo as code guidelines
- Learnings, issues, and PRs are scoped locally per repo — no cross-repo leakage
- Web search disabled
- Jira, Linear, and MCP integrations disabled (MCP re-enable pending Gary MCP hub activation)
Any Open Paws repo without its own .coderabbit.yaml inherits this config automatically. No setup required.
To merge a repo-level config on top of this one, add inheritance: true as the first line of the repo's .coderabbit.yaml:
```yaml
# .coderabbit.yaml (repo root)
inheritance: true # keep all org defaults; settings below are additive overrides
```

Repos handling investigation data, witness information, or coalition ops should disable the knowledge base so that sensitive content does not train models:

```yaml
# .coderabbit.yaml (repo root)
inheritance: true
knowledge_base:
  opt_out: true
```

| Tier | Examples | Recommended override |
|---|---|---|
| Tier 1 (public, no sensitive data) | platform, desloppify | Use org config as-is |
| Tier 2 (coalition or campaign data) | campaign tooling | knowledge_base.opt_out: true |
| Tier 3 (investigation data, witness info, legal) | investigation ops | knowledge_base.opt_out: true |
Tier assignments: ecosystem/repos.md in the context repo.

### CI workflows

**no-animal-violence.yml — speciesist language CI check**

Runs Open-Paws/no-animal-violence-action@v1 on every PR. Errors block the PR; warnings do not.

Merges are operator-driven via /merge in structured-coding-with-ai (no auto-merge).