Chore/add GitHub config

[louisdevzz]

Summary

Describe this PR in 2-5 bullets:

• Base branch target (main by default; use dev only when maintainers explicitly request integration batching):
• Problem:
• Why it matters:
• What changed:
• What did not change (scope boundary):

Label Snapshot (required)

• Risk label (risk: low|medium|high):
• Size label (size: XS|S|M|L|XL, auto-managed/read-only):
• Scope labels (core|agent|channel|config|cron|daemon|doctor|gateway|health|heartbeat|integration|memory|observability|onboard|provider|runtime|security|service|skillforge|skills|tool|tunnel|docs|dependencies|ci|tests|scripts|dev, comma-separated):
• Module labels (<module>: <component>, for example channel: telegram, provider: kimi, tool: shell):
• Contributor tier label (trusted contributor|experienced contributor|principal contributor|distinguished contributor, auto-managed/read-only; author merged PRs >=5/10/20/50):
• If any auto-label is incorrect, note requested correction:

Change Metadata

• Change type (bug|feature|refactor|docs|security|chore):
• Primary scope (runtime|provider|channel|memory|security|ci|docs|multi):

Linked Issue

• Closes #
• Related #
• Depends on # (if stacked)
• Existing overlapping PR(s) reviewed for this issue (list #<pr> by @<author> or N/A):
• Supersedes # (if replacing older PR)
• Linear issue key(s) (required, e.g. RMN-123):
• Linear issue URL(s):

Supersede Attribution (required when Supersedes # is used)

• Superseded PRs + authors (#<pr> by @<author>, one per line):
• Integrated scope by source PR (what was materially carried forward):
• Co-authored-by trailers added for materially incorporated contributors? (Yes/No)
• If No, explain why (for example: inspiration-only, no direct code/design carry-over):
• Trailer format check (separate lines, no escaped \n): (Pass/Fail)

Validation Evidence (required)

Commands and result summary:

cargo fmt --all -- --check
cargo clippy --all-targets -- -D warnings
cargo test

• Evidence provided (test/log/trace/screenshot/perf):
• If any command is intentionally skipped, explain why:

Security Impact (required)

• New permissions/capabilities? (Yes/No)
• New external network calls? (Yes/No)
• Secrets/tokens handling changed? (Yes/No)
• File system access scope changed? (Yes/No)
• If any Yes, describe risk and mitigation:

Privacy and Data Hygiene (required)

• Data-hygiene status (pass|needs-follow-up):
• Redaction/anonymization notes:
• Neutral wording confirmation (use ZeroClaw/project-native labels if identity-like wording is needed):

Compatibility / Migration

• Backward compatible? (Yes/No)
• Config/env changes? (Yes/No)
• Migration needed? (Yes/No)
• If yes, exact upgrade steps:

i18n Follow-Through (required when docs or user-facing wording changes)

• i18n follow-through triggered? (Yes/No)
• If Yes, locale navigation parity updated in README*, docs/README*, and docs/SUMMARY.md for supported locales (en, zh-CN, ja, ru, fr, vi)? (Yes/No)
• If Yes, localized runtime-contract docs updated where equivalents exist (minimum for fr/vi: commands-reference, config-reference, troubleshooting)? (Yes/No/N.A.)
• If Yes, Vietnamese canonical docs under docs/i18n/vi/** synced and compatibility shims under docs/*.vi.md validated? (Yes/No/N.A.)
• If any No/N.A., link follow-up issue/PR and explain scope decision:

Human Verification (required)

What was personally validated beyond CI:

• Verified scenarios:
• Edge cases checked:
• What was not verified:

Side Effects / Blast Radius (required)

• Affected subsystems/workflows:
• Potential unintended effects:
• Guardrails/monitoring for early detection:

Agent Collaboration Notes (recommended)

• Agent tools used (if any):
• Workflow/plan summary (if any):
• Verification focus:
• Confirmation: naming + architecture boundaries followed (AGENTS.md + CONTRIBUTING.md):

Rollback Plan (required)

• Fast rollback command/path:
• Feature flags or config toggles (if any):
• Observable failure symptoms:

Risks and Mitigations

List real risks in this PR (or write None).

• Risk:
  • Mitigation:

[coderabbitai]

Warning

Rate limit exceeded

@louisdevzz has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 10 minutes and 28 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d5beccc8-47da-495b-9fda-b450b563e85b

📥 Commits

Reviewing files that changed from the base of the PR and between 7a1de51 and f4148de.

📒 Files selected for processing (27)

• .env.example
• .github/ISSUE_TEMPLATE/bug_report.yml
• .github/ISSUE_TEMPLATE/config.yml
• .github/codeql/codeql-config.yml
• .github/pull_request_template.md
• .github/release/canary-policy.json
• .github/release/docs-deploy-policy.json
• .github/release/ghcr-tag-policy.json
• .github/release/ghcr-vulnerability-policy.json
• .github/release/nightly-owner-routing.json
• .github/release/prerelease-stage-gates.json
• .github/release/release-artifact-contract.json
• .github/security/deny-ignore-governance.json
• .github/security/gitleaks-allowlist-governance.json
• .github/security/unsafe-audit-governance.json
• .github/workflows/ci-run.yml
• .github/workflows/ci-supply-chain-provenance.yml
• .github/workflows/docs-deploy.yml
• .github/workflows/main-branch-flow.md
• .github/workflows/pr-auto-response.yml
• .github/workflows/pub-docker-img.yml
• .github/workflows/pub-prerelease.yml
• .github/workflows/pub-release.yml
• .github/workflows/scripts/ci_license_file_owner_guard.js
• .github/workflows/scripts/ci_workflow_owner_approval.js
• .github/workflows/sec-audit.yml
• .github/workflows/sync-contributors.yml

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (1)

Validation error: Expected boolean, received object at "reviews.poem"

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/add-github-config

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}