Merge branch 'main' into fix/sidebar-tools

Author: alexcoderabbitai

docs/changelog.md

@@ -5,6 +5,16 @@ description: The latest updates and changes to CodeRabbit.
 sidebar_position: 13
 ---
 
+## July 10, 2025
+
+### Enhanced Python Static Analysis: nbqa Support for Jupyter Notebooks
+
+We're excited to announce enhanced Python static analysis capabilities with nbqa support for Jupyter Notebooks!
+
+Our existing integrated [Ruff](https://docs.astral.sh/ruff/), [Flake8](https://flake8.pycqa.org/) and [Pylint](https://pylint.pycqa.org/) tools now support linting Jupyter Notebooks (`.ipynb` files) using [nbqa](https://github.com/nbQA-dev/nbQA). This allows you to maintain code quality across your Python projects, including Jupyter Notebooks.
+
+See our [Ruff](/tools/ruff), [Flake8](/tools/flake8), and [Pylint](/tools/pylint) documentation for more details.
+
 ## July 3, 2025
 
 ### Enhanced Python Static Analysis: Flake8 Support

docs/guides/code-review-overview.md

@@ -4,6 +4,8 @@ description: An overview of CodeRabbit's core code review features.
 sidebar_label: Overview
 ---
 
+import ProPlanNotice from '@site/src/components/ProPlanNotice.mdx'
+
 The central feature of CodeRabbit is its ability to proactively review
 new pull requests on your code repository.
 
@@ -42,6 +44,15 @@ perform a code review:
 - If an open pull request that CodeRabbit has already reviewed gets modified with another
   commit, then CodeRabbit performs an incremental review that focuses on the new commit.
 
+### Which pull requests get automatically reviewed {#eligibility}
+
+CodeRabbit automatically reviews a pull request when **either** of the following statements is true:
+
+- The pull request is in a public repository. CodeRabbit reviews pull requests against the main branch of your public repositories by default. This feature is available to every subscription tier, including the free plan.
+- The pull request is in a private repository and your organization is on the Pro plan with a seat assigned to you. Only under this condition does CodeRabbit review private-repository pull requests.
+
+<ProPlanNotice />
+
 ## Interact with CodeRabbit reviews {#interact}
 
 After CodeRabbit attaches its initial code-review comment to a pull request, you can

docs/guides/configuration-overview.md

@@ -46,6 +46,28 @@ For more information, see [Set your repository preferences](/guides/repository-s
 
 While the web interface provides and easier way to explore the available configuration options for your repository, we recommend using a `.coderabbit.yaml` file [as a best practice](/guides/setup-best-practices#yaml).
 
+## Configuration priority {#priority}
+
+CodeRabbit follows a specific hierarchy when determining which configuration settings to use. Understanding this priority system helps you manage your configuration effectively:
+
+### Priority order (highest to lowest)
+
+1. **Local `.coderabbit.yaml` file of head branch**
+2. **Repository settings** (web UI)
+3. **Organization settings** (web UI)
+
+### How priority works
+
+- **If you have a local `.coderabbit.yaml` file in your head branch**: All repository and organization settings are ignored. Only the local YAML file configuration is used. Anything not defined in that file uses default settings.
+- **If you don't have a local YAML file but have enabled repository settings**: Organization settings are ignored. Only repository settings are used.
+- **If you have organization settings and repository settings are disabled**: Only organization settings are used.
+
+### Configuration inheritance
+
+When a configuration source is active, it completely overrides all lower-priority sources. For example, if you set `reviews.tools.github-checks.timeout_ms` to `900000` in organization settings, but you have a local `.coderabbit.yaml` file that doesn't define this setting, CodeRabbit will use the default value of `90000` instead of the organization setting.
+
+This means that configuration is not merged or inherited - the highest priority source takes complete control over all settings.
+
 ## Initial configuration {#initial}
 
 The [Initial configuration guide](/guides/initial-configuration) tours you through several settings that we

docs/guides/initial-configuration.md

@@ -72,7 +72,7 @@ By default, CodeRabbit writes thorough code reviews with several sub-sections. I
 - [Related issues](/reference/configuration#related-issues): lists issues found in your issue tracker that might be related to this pull request.
 - [Related pull requests](/reference/configuration#realted-prs): lists pull requests that might be related to this pull request.
 - [Suggested labels](/reference/configuration#suggested-labels): Suggests labels for this pull request.
-- [Suggested reviewers](/reference/configuration#suggested-reveiwers): automatically suggest reviewers for PR
+- [Suggested reviewers](/reference/configuration#suggested-reviewers): automatically suggest reviewers for PR
 - [Poem](/reference/configuration#poem): generates a short poem about this pull request.
 
 ## Adjust path-specific CodeRabbit behavior {#path}

docs/reference/configuration.md

@@ -2850,6 +2850,47 @@ ESLint is a static code analysis tool for JavaScript files.
 
 ESLint is a static code analysis tool for JavaScript files.
 
+### Flake8
+
+Flake8 is a static code analysis tool for Python files.
+
+#### Enable Flake8
+
+<Tabs groupId="config-setting">
+  <TabItem value="web-ui" label="Web UI">
+    <table>
+      <tbody>
+      <tr>
+        <td><strong>Location</strong></td>
+        <td>Review &gt; Tools &gt; Flake8 &gt; Enable</td>
+      </tr>
+      <tr>
+        <td><strong>Default</strong></td>
+        <td>true</td>
+      </tr>
+    </tbody></table>
+  </TabItem>
+  <TabItem value="yaml" label=".coderabbit.yaml" default>
+    <table>
+      <tbody>
+      <tr>
+        <td><strong>Field</strong></td>
+        <td>`reviews.tools.flake8.enabled`</td>
+      </tr>
+      <tr>
+        <td><strong>Datatype</strong></td>
+        <td>boolean</td>
+      </tr>
+      <tr>
+        <td><strong>Default</strong></td>
+        <td>true</td>
+      </tr>
+    </tbody></table>
+  </TabItem>
+</Tabs>
+
+Flake8 is a static code analysis tool for Python files.
+
 ### GitHub Checks
 
 GitHub Checks integration configuration.
@@ -3511,19 +3552,19 @@ markdownlint-cli2 is a static analysis tool to enforce standards and consistency
 
 markdownlint-cli2 is a static analysis tool to enforce standards and consistency for Markdown files.
 
-### OXC
+### Oxlint
 
-OXC is a JavaScript/TypeScript linter written in Rust.
+Oxlint is a JavaScript/TypeScript linter for OXC written in Rust.
 
-#### Enable OXC
+#### Enable Oxlint
 
 <Tabs groupId="config-setting">
   <TabItem value="web-ui" label="Web UI">
     <table>
       <tbody>
       <tr>
         <td><strong>Location</strong></td>
-        <td>Review > Tools > Enable OXC</td>
+        <td>Review > Tools > Enable Oxlint</td>
       </tr>
       <tr>
         <td><strong>Default</strong></td>
@@ -3550,7 +3591,7 @@ OXC is a JavaScript/TypeScript linter written in Rust.
   </TabItem>
 </Tabs>
 
-OXC is a JavaScript/TypeScript linter written in Rust.
+Oxlint is a JavaScript/TypeScript linter for OXC written in Rust.
 
 ### PHPStan
 
@@ -3708,6 +3749,88 @@ Enable PMD.
 
 Optional path to the PMD configuration file relative to the repository.
 
+### PHPMD
+
+PHPMD is a static code analysis tool for PHP files.
+
+#### Enable PHPMD
+
+<Tabs groupId="config-setting">
+  <TabItem value="web-ui" label="Web UI">
+    <table>
+      <tbody>
+      <tr>
+        <td><strong>Location</strong></td>
+        <td>Review &gt; Tools &gt; Enable PHPMD</td>
+      </tr>
+      <tr>
+        <td><strong>Default</strong></td>
+        <td>true</td>
+      </tr>
+    </tbody></table>
+  </TabItem>
+  <TabItem value="yaml" label=".coderabbit.yaml" default>
+    <table>
+      <tbody>
+      <tr>
+        <td><strong>Field</strong></td>
+        <td>`reviews.tools.phpmd.enabled`</td>
+      </tr>
+      <tr>
+        <td><strong>Datatype</strong></td>
+        <td>boolean</td>
+      </tr>
+      <tr>
+        <td><strong>Default</strong></td>
+        <td>true</td>
+      </tr>
+    </tbody></table>
+  </TabItem>
+</Tabs>
+
+PHPMD is a static code analysis tool for PHP files.
+
+### PHPCS
+
+PHPCS is a static code analysis and coding-standard checker for PHP (plus JS/CSS) files.
+
+#### Enable PHPCS
+
+<Tabs groupId="config-setting">
+  <TabItem value="web-ui" label="Web UI">
+    <table>
+      <tbody>
+      <tr>
+        <td><strong>Location</strong></td>
+        <td>Review &gt; Tools &gt; Enable PHPCS</td>
+      </tr>
+      <tr>
+        <td><strong>Default</strong></td>
+        <td>true</td>
+      </tr>
+    </tbody></table>
+  </TabItem>
+  <TabItem value="yaml" label=".coderabbit.yaml" default>
+    <table>
+      <tbody>
+      <tr>
+        <td><strong>Field</strong></td>
+        <td>`reviews.tools.phpcs.enabled`</td>
+      </tr>
+      <tr>
+        <td><strong>Datatype</strong></td>
+        <td>boolean</td>
+      </tr>
+      <tr>
+        <td><strong>Default</strong></td>
+        <td>true</td>
+      </tr>
+    </tbody></table>
+  </TabItem>
+</Tabs>
+
+PHPCS is a static code analysis tool for PHP, JavaScript and CSS files.
+
 ### Prisma Schema Linting
 
 Configuration for Prisma Schema linting to ensure schema file quality

docs/reference/yaml-template.md

@@ -107,6 +107,8 @@ reviews:
       config_file: ""
     eslint:
       enabled: true
+    flake8:
+      enabled: true
     rubocop:
       enabled: true
     buf:
@@ -118,6 +120,10 @@ reviews:
     pmd:
       enabled: true
       config_file: ""
+    phpmd:
+      enabled: true
+    phpcs:
+      enabled: true
     cppcheck:
       enabled: true
     semgrep:

docs/self-hosted/azure-devops.md

@@ -127,13 +127,16 @@ LINEAR_PAT=[<linear-personal-access-token>]
 
 ENABLE_WEB_SEARCH=[true]
 PERPLEXITY_API_KEY=[<perplexity-api-key>]
+
+YAML_CONFIG=[<escaped-yaml-config>]
 ```
 
 :::note
 
 - If you are using Azure OpenAI, verify that the model deployment names are in the .env file.
 - Values marked with [] are not optional to provide.
 - You can generate `CODERABBIT_API_KEY` from CodeRabbit UI -> Organizations Settings -> API Keys.
+- `YAML_CONFIG` is an optional configuration file that can be used to customize CodeRabbit's behavior at the deployment level. It takes the same format as the [CodeRabbit YAML configuration](/docs/getting-started/configure-coderabbit.md) file. It requires the entire YAML file to be in an escaped string format, for example, `YAML_CONFIG="key1: value1\nkey2: value2"`. You can use [Escape YAML](https://escapeyaml.dev/) to generate the escaped string.
 
 :::
 

docs/self-hosted/bitbucket.md

@@ -122,13 +122,16 @@ LINEAR_PAT=[<linear-personal-access-token>]
 
 ENABLE_WEB_SEARCH=[true]
 PERPLEXITY_API_KEY=[<perplexity-api-key>]
+
+YAML_CONFIG=[<escaped-yaml-config>]
 ```
 
 :::note
 
 - If you are using Azure OpenAI, verify that the model deployment names are in the .env file.
   Values marked with [] are optional and can be omitted if the feature is not needed.
 - You can generate `CODERABBIT_API_KEY` from CodeRabbit UI -> Organizations Settings -> API Keys.
+- `YAML_CONFIG` is an optional configuration file that can be used to customize CodeRabbit's behavior at the deployment level. It takes the same format as the [CodeRabbit YAML configuration](/docs/getting-started/configure-coderabbit.md) file. It requires the entire YAML file to be in an escaped string format, for example, `YAML_CONFIG="key1: value1\nkey2: value2"`. You can use [Escape YAML](https://escapeyaml.dev/) to generate the escaped string.
 
 :::
 

docs/self-hosted/github.md

@@ -140,6 +140,8 @@ LINEAR_PAT=[<linear-personal-access-token>]
 
 ENABLE_WEB_SEARCH=[true]
 PERPLEXITY_API_KEY=[<perplexity-api-key>]
+
+YAML_CONFIG=[<escaped-yaml-config>]
 ```
 
 :::note
@@ -150,6 +152,7 @@ PERPLEXITY_API_KEY=[<perplexity-api-key>]
 - For `GITHUB_HOSTNAME`, use GitHub Enterprise server's hostname, for example, “github.acme-inc.com”
 - You can generate `CODERABBIT_API_KEY` from CodeRabbit UI -> Organizations Settings -> API Keys.
 - When `ENABLE_LEARNINGS` is set to `true`, CodeRabbit will use `CODERABBIT_API_KEY` to store learnings on our servers.
+- `YAML_CONFIG` is an optional configuration file that can be used to customize CodeRabbit's behavior at the deployment level. It takes the same format as the [CodeRabbit YAML configuration](/docs/getting-started/configure-coderabbit.md) file. It requires the entire YAML file to be in an escaped string format, for example, `YAML_CONFIG="key1: value1\nkey2: value2"`. You can use [Escape YAML](https://escapeyaml.dev/) to generate the escaped string.
 
 :::
 

docs/self-hosted/gitlab.md

@@ -37,13 +37,46 @@ Consult official CodeRabbitAI documentation for a detailed [guide](https://docs.
 1. **Navigate to Add Webhook Page**: Go to the webhook configuration page in the desired GitLab project.
 2. **Add Webhook URL**: Enter the URL pointing to the CodeRabbit service, followed by `/gitlab_webhooks` (e.g., `http://127.0.0.1:8080/gitlab_webhooks`).
 3. **Generate and Save Secret Token**: Generate a secret token, add it to the webhook, and store it securely. This will be needed for the `.env` file as `GITLAB_WEBHOOK_SECRET` (you can use a single secret token for all projects).
-4. Select triggers:
+4. **Select triggers**:
 
    - Push events
    - Comments
    - Issues events
    - Merge request events
 
+## Add Webhook Using a Script
+
+We have a convenient [script](/code/gitlab-webhook.sh) to help you add webhooks to a project or all projects under a group in a GitLab instance.
+
+```bash
+# Make sure the script is executable:
+chmod +x gitlab-webhook.sh
+```
+
+Example usage:
+
+```bash
+# PAT example (header auto-detected)
+export GITLAB_TOKEN="glpat-xxxxx"
+./gitlab-add-webhook.sh \
+  -h "gitlab.example.com" -u "http://<coderabbit-agent-addr>/gitlab_webhooks" \
+  -s "mySecret" -p 42
+
+# PAT example (explicit header)
+./gitlab-add-webhook.sh \
+  -h "gitlab.example.com" -u "http://<coderabbit-agent-addr>/gitlab_webhooks" \
+  -s "mySecret" -g "mygroup/mysubgroup/myproject" \
+  -t "glpat-xxxxx" \
+  -A "PRIVATE-TOKEN"
+
+# OAuth token with explicit header
+./gitlab-add-webhook.sh \
+  -h "gitlab.example.com" -u "http://<coderabbit-agent-addr>/gitlab_webhooks" \
+  -s "mySecret" -g "company/backend" \
+  -t "eyJhbGciOi..." \
+  -A "Authorization: Bearer"
+```
+
 ## Prepare a `.env` file
 
 Create a `.env` file with the following content:
@@ -134,13 +167,16 @@ LINEAR_PAT=[<linear-personal-access-token>]
 
 ENABLE_WEB_SEARCH=[true]
 PERPLEXITY_API_KEY=[<perplexity-api-key>]
+
+YAML_CONFIG=[<escaped-yaml-config>]
 ```
 
 :::note
 
 - If you are using Azure OpenAI, verify that the model deployment names are in the .env file.
 - Values marked with [] are not optional to provide.
 - You can generate `CODERABBIT_API_KEY` from CodeRabbit UI -> Organizations Settings -> API Keys.
+- `YAML_CONFIG` is an optional configuration file that can be used to customize CodeRabbit's behavior at the deployment level. It takes the same format as the [CodeRabbit YAML configuration](/docs/getting-started/configure-coderabbit.md) file. It requires the entire YAML file to be in an escaped string format, for example, `YAML_CONFIG="key1: value1\nkey2: value2"`. You can use [Escape YAML](https://escapeyaml.dev/) to generate the escaped string.
 
 :::