feat: CodeRabbit AI review

.coderabbit.yaml

@@ -0,0 +1,44 @@
+# CodeRabbit Configuration — WEVAL Consulting
+# https://docs.coderabbit.ai/guides/configure-coderabbit
+
+language: fr
+reviews:
+  profile: assertive
+  request_changes_workflow: true
+  high_level_summary: true
+  poem: false
+  auto_title_placeholder: "[CodeRabbit]"
+  path_instructions:
+    - path: "**/*.php"
+      instructions: |
+        Vérifier: SQL injection (prepared statements), credentials hardcodées (utiliser credentials.php),
+        expositions d'infos internes (Ollama/Groq/Cerebras/Hetzner = JAMAIS en public).
+        Pas de mb_strtoupper/mb_strtolower sur S95.
+    - path: "**/*.html"
+      instructions: |
+        Vérifier: fautes de français, branding (WEVIA Engine, jamais Ollama/vLLM),
+        liens morts, CSP compatibility React SPA.
+    - path: "**/*.js"
+      instructions: |
+        Vérifier: console.log en production, credentials exposées, XSS via innerHTML.
+    - path: "**/api/**"
+      instructions: |
+        Vérifier: authentification, rate limiting, audit logging, CORS headers.
+    - path: "**/products/**"
+      instructions: |
+        Vérifier: orthographe française, cohérence branding, meta tags SEO.
+  tools:
+    shellcheck:
+      enabled: true
+    ruff:
+      enabled: true
+    biome:
+      enabled: true
+    hadolint:
+      enabled: true
+    yamllint:
+      enabled: true
+    phpstan:
+      enabled: true
+chat:
+  auto_reply: true