Dosu Logo
Home
Documents
AI Assistant and Code Ownership Configuration
AI Assistant and Code Ownership Configuration
Type
Document
Status
Published
Created
Oct 31, 2025
Updated
Mar 2, 2026
Updated by
Dosu Bot

The Gold Digger project integrates several tools and workflows to enhance code review quality and maintainability, including AI-assisted code review via CodeRabbit, automated reviewer assignment with CODEOWNERS, and automation hooks for synchronizing AI instructions and documentation.

AI-Assisted Code Review with CodeRabbit

CodeRabbit is configured in the repository using a .coderabbit.yaml file. The configuration provides comprehensive automated code review for pull requests, including high-level summaries, review status, sequence diagrams, effort estimation, and integration with GitHub checks. The configuration covers over 150 lines and integrates multiple analysis tools and custom checks specific to the Gold Digger project.

The configuration is organized into several major sections:

  • Reviews: Controls review behavior, including profile (assertive), request changes workflow, auto-labeling, path filters to focus reviews on source code and documentation while excluding build artifacts, and auto-review settings that skip draft PRs and WIP branches.
  • Pre-merge checks and custom checks: Enforces Conventional Commits title format, docstring coverage thresholds, and four custom safety checks specific to Gold Digger: credential safety (no logging of DATABASE_URL), NULL safety (proper MySQL value conversions using safe helpers), exit code verification (structured codes 0–5), and error handling (proper anyhow::Result usage without panics).
  • Path instructions: Provides file-type-specific guidance for reviewing Rust source code (src/**), tests (tests/**), documentation (docs/**), and build automation (justfile), emphasizing security (credential redaction, TLS), safe database value conversions (no panics on NULL), and proper error handling.
  • Tools integration: Enables and configures external linters and checkers including shellcheck, markdownlint, yamllint, gitleaks, actionlint, semgrep, clippy, sqlfluff, and languagetool, with explicit opt-out of tools not relevant to the project (e.g., biome, hadolint, eslint, flake8).
  • Code generation: Defines standards for generating Rust documentation comments (module, function, type, error documentation following Rust conventions) and unit tests (using testcontainers for MySQL/MariaDB integration tests).
  • Knowledge base: Enables web search, code guidelines, learnings, and local issue/PR scope for contextual review, with MCP (Model Context Protocol) usage enabled.

The assertive profile and request changes workflow allow CodeRabbit to block merges when critical issues are detected, improving code quality enforcement. The configuration reflects the project's focus on security (credential redaction, TLS), safe database value conversions (explicit NULL handling), and proper error handling with structured exit codes.

Automated Reviewer Assignment with CODEOWNERS

The repository uses a .github/CODEOWNERS file to automate reviewer assignment. The current CODEOWNERS file specifies @... as the primary maintainer responsible for code reviews across the entire codebase. Branch protection rules enforce code review and required status checks, ensuring that changes are reviewed by the appropriate owners as defined in the CODEOWNERS file. This integration streamlines the review process and ensures that domain experts are automatically assigned to relevant changes, supporting consistent code quality and governance.

The CODEOWNERS structure complements the broader project governance model documented in GOVERNANCE.md, which defines project roles, decision-making processes, release policies, and maintainer responsibilities Reference.

Automation Hooks for Synchronizing AI Instructions and Documentation

Automation hooks are implemented via CI/CD workflows in the .github/workflows directory. These workflows cover continuous integration, release management, security scanning, documentation generation, and code quality analysis. Hooks such as .kiro/hooks/ai-instructions-sync.kiro.hook and .kiro/hooks/rust-docs-sync.kiro.hook automate the synchronization of AI instructions and documentation with code changes, ensuring that developer guidance and documentation remain up to date as the codebase evolves Reference.

Impact on Review Quality and Maintainability

The integration of CodeRabbit, CODEOWNERS, and automation hooks provides several benefits:

  • Automated AI feedback improves the depth and consistency of code reviews, catching issues and suggesting improvements that might be missed in manual review. The comprehensive tool integration (clippy, sqlfluff, gitleaks, actionlint, and others) provides multi-layered static analysis and security scanning.
  • Custom checks enforce project-specific safety requirements (credential redaction, NULL-safe MySQL value conversions, structured exit codes, panic-free error handling), reducing the risk of security vulnerabilities and runtime errors.
  • CODEOWNERS ensures that the right reviewers are assigned automatically, reducing bottlenecks and improving accountability.
  • Automation hooks keep documentation and AI instructions synchronized with the codebase, reducing the risk of outdated guidance and improving onboarding for new contributors.
  • Modern CI/CD workflows enforce security, code quality, and documentation standards, supporting a maintainable and professional-grade project foundation Reference.
  • Dependency and license management is consolidated into deny.toml, which enforces security policies and license compliance for both local development and CI environments.

These practices collectively help the project maintain high standards for code quality, security, and developer experience, while reducing manual effort and the risk of human error.