ci: harden workflows and sponsor code review config

.coderabbit.yaml

@@ -0,0 +1,36 @@
+# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
+language: "en-US"
+early_access: false
+tone_instructions: "Be direct, concise, and evidence-led. Prioritize actionable findings over praise."
+
+reviews:
+  profile: "assertive"
+  request_changes_workflow: false
+  high_level_summary: true
+  high_level_summary_in_walkthrough: true
+  review_status: true
+  review_details: true
+  commit_status: true
+  fail_commit_status: true
+  auto_review:
+    enabled: true
+    drafts: false
+  path_instructions:
+    - path: ".github/workflows/**"
+      instructions: |
+        Treat workflow changes as security-sensitive. Flag unpinned third-party actions, broad write permissions, persisted checkout credentials in write-token jobs, pull_request_target misuse, and untrusted GitHub context interpolated into shell commands.
+    - path: "{scripts,bin}/**"
+      instructions: |
+        Focus on command injection, unsafe subprocess usage, path traversal, SSRF, secret exposure, and missing tests for new CLI behavior.
+    - path: "skills/**/scripts/**"
+      instructions: |
+        Review generated or imported scripts as untrusted-input tooling. Flag RCE, path traversal, network fetches without validation, and writes outside the expected workspace.
+    - path: "{skills,commands,agents,rules}/**"
+      instructions: |
+        Focus on prompt-injection resilience, tool-permission scope, destructive action guards, and secret exfiltration risks.
+    - path: "{SECURITY.md,docs/security/**}"
+      instructions: |
+        Check that official distribution surfaces, disclosure guidance, and supply-chain rules stay accurate and do not endorse unofficial packages.
+
+chat:
+  auto_reply: true

.github/copilot-instructions.md

@@ -83,10 +83,11 @@ Use AAA structure (Arrange / Act / Assert) and descriptive test names that expla
 
 Types: `feat`, `fix`, `refactor`, `docs`, `test`, `chore`, `perf`, `ci`
 
-PR checklist before requesting review:
+PR checklist before requesting sponsored review:
 - CI passing, merge conflicts resolved, branch up to date with target
 - Full diff reviewed (`git diff [base-branch]...HEAD`)
 - Test plan included in PR description
+- Code review is handled by CodeRabbit and Greptile. Do not add or route PR code review through Copilot, Claude, Codex, or other reviewer bots.
 
 ## Code Quality Checklist
 
@@ -107,7 +108,6 @@ Use these prompts in Copilot Chat for deeper workflows:
 |--------|-------------|---------|
 | `/plan` | Complex feature | Phased implementation plan |
 | `/tdd` | New feature or bug fix | Test-driven development cycle |
-| `/code-review` | After writing code | Quality and security review |
 | `/security-review` | Before a release | Deep security analysis |
 | `/build-fix` | Build/CI failure | Systematic error resolution |
 | `/refactor` | Code maintenance | Dead code cleanup and simplification |

.github/prompts/code-review.prompt.md

@@ -1,56 +0,0 @@
----
-agent: agent
-description: Comprehensive code quality and security review of the selected code or recent changes
----
-
-# Code Review
-
-Review the selected code (or the current diff if nothing is selected) across four dimensions. Only report issues you are **confident about** — flag uncertainty explicitly rather than guessing.
-
-## Dimensions
-
-### 1. Security (CRITICAL — block ship if found)
-- Hardcoded secrets, tokens, API keys, passwords
-- Missing input validation or sanitization at system boundaries
-- SQL/NoSQL injection risk (string interpolation in queries)
-- XSS risk (unsanitized HTML output)
-- Auth/authz checks missing or client-side only
-- Sensitive data in logs or error messages exposed to clients
-- Missing rate limiting on public endpoints
-
-### 2. Code Quality (HIGH)
-- Mutation of existing state instead of creating new objects
-- Functions over 50 lines or files over 800 lines
-- Nesting deeper than 4 levels
-- Duplicated logic that should be extracted
-- Misleading or non-descriptive names
-
-### 3. Error Handling (HIGH)
-- Silently swallowed errors (`catch {}`, empty catch blocks)
-- Missing error handling at async boundaries
-- Errors returned but not checked by callers
-- User-facing error messages leaking internal details
-
-### 4. Test Coverage (MEDIUM)
-- Missing tests for new logic
-- Tests that only test happy paths (missing error/edge cases)
-- Assertions that always pass
-
-## Output Format
-
-For each issue found:
-
-```
-**[CRITICAL|HIGH|MEDIUM|LOW]** — [File:Line if known]
-Issue: [What is wrong]
-Fix: [Concrete suggestion]
-```
-
-End with a summary:
-```
-## Summary
-- Critical: N
-- High: N
-- Medium: N
-- Approved to ship: yes / no (fix CRITICAL and HIGH first)
-```

.github/workflows/ci.yml

@@ -36,6 +36,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
 
       - name: Setup Node.js ${{ matrix.node }}
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
@@ -114,6 +116,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
 
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
@@ -175,6 +179,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
 
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
@@ -200,6 +206,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
 
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
@@ -227,6 +235,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
 
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0

.github/workflows/reusable-test.yml

@@ -28,6 +28,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
 
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0

.github/workflows/reusable-validate.yml

@@ -18,6 +18,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
 
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0

greptile.json

@@ -0,0 +1,67 @@
+{
+  "strictness": 2,
+  "commentTypes": ["logic", "syntax", "style"],
+  "triggerOnUpdates": true,
+  "triggerOnDrafts": false,
+  "shouldUpdateDescription": false,
+  "updateExistingSummaryComment": true,
+  "statusCheck": true,
+  "statusCommentsEnabled": true,
+  "disabledLabels": ["no-review", "skip-review", "wip"],
+  "excludeBranches": ["dependabot/**"],
+  "fileChangeLimit": 80,
+  "ignoreKeywords": "no-review\nskip-review\nmechanical-format-only",
+  "ignorePatterns": "node_modules/**\ndist/**\nbuild/**\ncoverage/**\n.vite/**\n.next/**\n.cache/**\n*.lock\npackage-lock.json\nyarn.lock\npnpm-lock.yaml\nassets/**/*.png\nassets/**/*.jpg\nassets/**/*.jpeg\nassets/**/*.gif\nassets/**/*.webp\n**/*.generated.*",
+  "summarySection": {
+    "included": true,
+    "collapsible": true,
+    "defaultOpen": true
+  },
+  "issuesTableSection": {
+    "included": true,
+    "collapsible": false,
+    "defaultOpen": true
+  },
+  "confidenceScoreSection": {
+    "included": true,
+    "collapsible": true,
+    "defaultOpen": false
+  },
+  "sequenceDiagramSection": {
+    "included": true,
+    "collapsible": true,
+    "defaultOpen": false
+  },
+  "customContext": {
+    "rules": [
+      {
+        "scope": [".github/workflows/**"],
+        "rule": "Flag unpinned third-party GitHub Actions, broad write permissions, persisted checkout credentials in write-token jobs, pull_request_target misuse, and untrusted GitHub context inside shell commands."
+      },
+      {
+        "scope": ["scripts/**", "bin/**", "skills/**/scripts/**"],
+        "rule": "Treat CLI inputs, URLs, file paths, and subprocess arguments as untrusted. Flag RCE, SSRF, path traversal, unsafe shell usage, and missing regression tests."
+      },
+      {
+        "scope": ["skills/**", "commands/**", "agents/**", "rules/**"],
+        "rule": "Review for prompt injection, tool-permission creep, destructive-action ambiguity, hidden persistence, and secret exfiltration risks."
+      },
+      {
+        "scope": ["SECURITY.md", "docs/security/**", "README.md"],
+        "rule": "Ensure package and distribution claims only list official ECC surfaces. Flag unofficial npm packages, stale historical repo paths, and misleading install instructions."
+      }
+    ],
+    "files": [
+      {
+        "scope": ["**/*"],
+        "path": "SECURITY.md",
+        "description": "ECC disclosure policy, official package surfaces, out-of-scope rules, and supply-chain guardrails."
+      },
+      {
+        "scope": ["**/*"],
+        "path": "AGENTS.md",
+        "description": "Workspace-level agent routing and operating constraints."
+      }
+    ]
+  }
+}