From 88104bb4c42fe4e5bde1743d191744a4d4966d4a Mon Sep 17 00:00:00 2001
From: Yacineutt
Date: Mon, 23 Mar 2026 12:54:48 +0100
Subject: [PATCH] feat: CodeRabbit AI review
---
.coderabbit.yaml | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 .coderabbit.yaml
diff --git a/.coderabbit.yaml b/.coderabbit.yaml
new file mode 100644
index 0000000..44d25ac
--- /dev/null
+++ b/.coderabbit.yaml
@@ -0,0 +1,44 @@
+# CodeRabbit Configuration — WEVAL Consulting
+# https://docs.coderabbit.ai/guides/configure-coderabbit
+
+language: fr
+reviews:
+ profile: assertive
+ request_changes_workflow: true
+ high_level_summary: true
+ poem: false
+ auto_title_placeholder: "[CodeRabbit]"
+ path_instructions:
+ - path: "**/*.php"
+ instructions: |
+ Vérifier: SQL injection (prepared statements), credentials hardcodées (utiliser credentials.php),
+ expositions d'infos internes (Ollama/Groq/Cerebras/Hetzner = JAMAIS en public).
+ Pas de mb_strtoupper/mb_strtolower sur S95.
+ - path: "**/*.html"
+ instructions: |
+ Vérifier: fautes de français, branding (WEVIA Engine, jamais Ollama/vLLM),
+ liens morts, CSP compatibility React SPA.
+ - path: "**/*.js"
+ instructions: |
+ Vérifier: console.log en production, credentials exposées, XSS via innerHTML.
+ - path: "**/api/**"
+ instructions: |
+ Vérifier: authentification, rate limiting, audit logging, CORS headers.
+ - path: "**/products/**"
+ instructions: |
+ Vérifier: orthographe française, cohérence branding, meta tags SEO.
+ tools:
+ shellcheck:
+ enabled: true
+ ruff:
+ enabled: true
+ biome:
+ enabled: true
+ hadolint:
+ enabled: true
+ yamllint:
+ enabled: true
+ phpstan:
+ enabled: true
+chat:
+ auto_reply: true
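Review bot: The `**/*.php` and `**/*.html` instructions name the backend vendors (`Ollama/Groq/Cerebras/Hetzner`, `vLLM`) and what looks like an internal server label (`S95`), which the same rules say must never be public. This committed file, and every prompt sent to the hosted reviewer, therefore carries the inventory it is meant to protect. If the repository is or may become public or mirrored, refer to the list indirectly, e.g. `expositions d'infos internes (fournisseurs IA et hébergeur = JAMAIS en public, voir liste interne).`, and keep the names in a private document. The PHP rule also points authors at `credentials.php`; this patch does not show whether that file is excluded from version control or kept outside the web root, so that is worth confirming. XSS is checked only for `**/*.js` (`innerHTML`), so the PHP rule could add output escaping to its checklist.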