coderabbit-multi-env-setup

Configure CodeRabbit review behavior per branch and environment using path instructions and base branches. Use when setting different review profiles per branch, configuring stricter reviews for release branches, or customizing CodeRabbit behavior across dev/staging/prod workflows. Trigger with phrases like "coderabbit environments", "coderabbit staging", "coderabbit per-branch config", "coderabbit release review", "coderabbit environment setup".

1,868 stars

byjeremylongshore

View on GitHub Installation ↓

Best use case

coderabbit-multi-env-setup is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using coderabbit-multi-env-setup should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/coderabbit-multi-env-setup/SKILL.md --create-dirs "https://raw.githubusercontent.com/jeremylongshore/claude-code-plugins-plus-skills/main/plugins/saas-packs/coderabbit-pack/skills/coderabbit-multi-env-setup/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/coderabbit-multi-env-setup/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How coderabbit-multi-env-setup Compares

Feature / Agent	coderabbit-multi-env-setup	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

Best AI Skills for Claude

Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.

Cursor vs Codex for AI Workflows

Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.

AI Agents for Coding

Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.

SKILL.md Source

# CodeRabbit Multi-Environment Setup

## Overview
Configure CodeRabbit review behavior based on branch targets and environments. CodeRabbit reads `.coderabbit.yaml` from the PR's base branch, allowing different review configurations per branch. This enables stricter reviews for production branches, relaxed reviews for development, and custom instructions per environment.

## Prerequisites
- CodeRabbit GitHub App installed on repository
- Branch strategy defined (e.g., GitFlow, trunk-based, GitHub Flow)
- `.coderabbit.yaml` committed to each relevant branch

## How Branch-Based Config Works
```
Developer opens PR: feature/auth → develop
  CodeRabbit reads: .coderabbit.yaml from develop branch
  Profile: "chill" (development, quick iteration)

Developer opens PR: develop → main
  CodeRabbit reads: .coderabbit.yaml from main branch
  Profile: "assertive" (production, thorough review)

Developer opens PR: hotfix/fix → release/v2.1
  CodeRabbit reads: .coderabbit.yaml from release/v2.1 branch
  Profile: "assertive" + security-focused instructions
```

## Instructions

### Step 1: Configure Development Branch (Relaxed)
```yaml
# .coderabbit.yaml on develop branch
language: "en-US"

reviews:
  profile: "chill"                     # Fewer comments for rapid iteration
  request_changes_workflow: false      # Don't block merges to develop
  high_level_summary: true
  sequence_diagrams: false             # Skip diagrams for dev PRs

  auto_review:
    enabled: true
    drafts: false
    base_branches:
      - develop
    ignore_title_keywords:
      - "WIP"
      - "DO NOT MERGE"
      - "experiment"

  path_filters:
    - "!**/*.lock"
    - "!**/*.snap"
    - "!dist/**"
    - "!**/*.generated.*"

  path_instructions:
    - path: "**"
      instructions: |
        Development branch review:
        - Only flag bugs, security issues, and obvious errors
        - Do NOT comment on code style, naming, or formatting
        - Do NOT suggest refactoring unless it fixes a bug

chat:
  auto_reply: true
```

### Step 2: Configure Production Branch (Strict)
```yaml
# .coderabbit.yaml on main branch
language: "en-US"

reviews:
  profile: "assertive"                 # Thorough review for production
  request_changes_workflow: true       # Block merge on issues
  high_level_summary: true
  high_level_summary_in_walkthrough: true
  sequence_diagrams: true
  review_status: true

  auto_review:
    enabled: true
    drafts: false
    base_branches:
      - main

  path_filters:
    - "!**/*.lock"
    - "!**/*.snap"
    - "!dist/**"
    - "!vendor/**"

  path_instructions:
    - path: "**"
      instructions: |
        Production review checklist:
        1. Flag any hardcoded secrets, API keys, or credentials
        2. Check error handling: no empty catch blocks, proper error propagation
        3. Verify input validation on all API endpoints
        4. Check for proper logging (structured, no PII)

    - path: "src/api/**"
      instructions: |
        API review (production):
        - Verify proper HTTP status codes
        - Check auth middleware is applied to protected routes
        - Validate request bodies with schema validation
        - Ensure error responses follow RFC 7807 format
        - Flag missing rate limiting

    - path: "src/db/**"
      instructions: |
        Database review (production):
        - All queries MUST use parameterized statements
        - Transactions required for multi-table mutations
        - Check for N+1 query patterns
        - Verify index usage for complex queries
        - Flag any raw SQL string concatenation

    - path: ".github/workflows/**"
      instructions: |
        CI/CD review (production):
        - Pin ALL action versions to SHA (not tags)
        - Never echo or log secrets
        - Include timeout-minutes on all jobs
        - Use OIDC for cloud provider authentication

chat:
  auto_reply: true
```

### Step 3: Configure Release Branch (Security-Focused)
```yaml
# .coderabbit.yaml on release/* branches
language: "en-US"

reviews:
  profile: "assertive"
  request_changes_workflow: true       # Block merges on issues

  auto_review:
    enabled: true
    drafts: false
    base_branches:
      - "release/*"

  path_instructions:
    - path: "**"
      instructions: |
        RELEASE BRANCH - Security and stability focus:
        1. Flag ANY security vulnerability (priority over all other feedback)
        2. Check for backward compatibility
        3. Verify no debug code (console.log, debugger statements)
        4. Ensure proper error messages (no stack traces exposed to users)
        5. Check for feature flags guarding unreleased features
        Only provide feedback on bugs and security. Skip style comments entirely.

    - path: "src/auth/**"
      instructions: |
        CRITICAL PATH for release. Check:
        - Token validation and expiry
        - Session management security
        - CSRF protection
        - No auth bypass vulnerabilities

chat:
  auto_reply: true
```

### Step 4: Maintain Branch Configs with a Script
```bash
#!/bin/bash
# update-coderabbit-configs.sh - Keep branch configs in sync
set -euo pipefail

CURRENT_BRANCH=$(git branch --show-current)

# Update develop branch config
git checkout develop 2>/dev/null || git checkout -b develop
cp configs/coderabbit-develop.yaml .coderabbit.yaml
git add .coderabbit.yaml
git diff --cached --quiet || git commit -m "chore: update CodeRabbit config for develop"

# Update main branch config
git checkout main
cp configs/coderabbit-main.yaml .coderabbit.yaml
git add .coderabbit.yaml
git diff --cached --quiet || git commit -m "chore: update CodeRabbit config for main"

# Return to original branch
git checkout "$CURRENT_BRANCH"

echo "CodeRabbit configs updated on develop and main"
echo "Push both branches to apply: git push origin develop main"
```

### Step 5: Verify Per-Branch Configuration
```markdown
# On a PR targeting develop:
@coderabbitai configuration
# Should show: profile: "chill", request_changes_workflow: false

# On a PR targeting main:
@coderabbitai configuration
# Should show: profile: "assertive", request_changes_workflow: true

# If both show the same config, the branch-specific .coderabbit.yaml
# is not committed to the base branch. Verify with:
# git show main:.coderabbit.yaml
# git show develop:.coderabbit.yaml
```

### Step 6: Branch Protection per Environment
```bash
set -euo pipefail
OWNER="your-org"
REPO="your-repo"

# Main: require CodeRabbit approval
gh api "repos/$OWNER/$REPO/branches/main/protection" \
  --method PUT \
  --field 'required_status_checks={"strict":true,"contexts":["coderabbitai"]}' \
  --field 'required_pull_request_reviews={"required_approving_review_count":1}' \
  --field 'enforce_admins=true' \
  --field 'restrictions=null'

# Develop: CodeRabbit review optional (not required)
gh api "repos/$OWNER/$REPO/branches/develop/protection" \
  --method PUT \
  --field 'required_status_checks={"strict":false,"contexts":[]}' \
  --field 'required_pull_request_reviews={"required_approving_review_count":0}' \
  --field 'enforce_admins=false' \
  --field 'restrictions=null'

echo "Branch protection configured"
echo "  main: CodeRabbit required"
echo "  develop: CodeRabbit optional"
```

## Output
- Branch-specific `.coderabbit.yaml` configs committed
- Development branch with relaxed review profile
- Production branch with strict review and security instructions
- Release branches with security-focused review
- Branch protection rules aligned with review policies

## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| Same review profile on all branches | Config only on one branch | Commit different `.coderabbit.yaml` to each base branch |
| Config changes not applied | YAML not on the base branch | Merge config changes to the target branch first |
| PR to main gets "chill" review | `.coderabbit.yaml` on main has wrong profile | Check config with `git show main:.coderabbit.yaml` |
| Release branch not reviewed | `base_branches` doesn't include `release/*` | Add glob pattern `release/*` to base_branches |

## Resources
- [CodeRabbit Configuration Reference](https://docs.coderabbit.ai/reference/configuration)
- [CodeRabbit Branch-Based Config](https://docs.coderabbit.ai/guides/review-instructions)
- [GitHub Branch Protection](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository)

## Next Steps
For deployment and org-wide rollout, see `coderabbit-deploy-integration`.

Related Skills

windsurf-multi-env-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Windsurf IDE and Cascade AI across team members and project environments. Use when onboarding teams to Windsurf, setting up per-project Cascade configuration, or managing Windsurf settings across development, staging, and production contexts. Trigger with phrases like "windsurf team setup", "windsurf environments", "windsurf multi-project", "windsurf team config", "cascade rules per env".

webflow-multi-env-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Webflow across development, staging, and production environments with per-environment API tokens, site IDs, and secret management via Vault/AWS/GCP. Trigger with phrases like "webflow environments", "webflow staging", "webflow dev prod", "webflow environment setup", "webflow config by env".

vercel-multi-env-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Vercel across development, preview, and production environments with scoped secrets. Use when setting up per-environment configuration, managing environment-specific variables, or implementing environment isolation on Vercel. Trigger with phrases like "vercel environments", "vercel staging", "vercel dev prod", "vercel environment setup", "vercel env scoping".

veeva-multi-env-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Veeva Vault multi env setup for enterprise operations. Use when implementing advanced Veeva Vault patterns. Trigger: "veeva multi env setup".

vastai-multi-env-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Vast.ai GPU cloud across dev, staging, and production environments. Use when isolating GPU pools per team, managing API key separation by env, or implementing spending controls per deployment tier. Trigger with phrases like "vastai environments", "vastai staging", "vastai dev prod", "vastai multi-env".

supabase-multi-env-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Supabase across development, staging, and production with separate projects, environment-specific secrets, and safe migration promotion. Use when setting up multi-environment deployments, isolating dev from prod data, configuring per-environment Supabase projects, or promoting migrations through environments. Trigger: "supabase environments", "supabase staging", "supabase dev prod", "supabase multi-project", "supabase env config", "database branching".

speak-multi-env-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Speak across dev, staging, and production with separate API keys and mock modes. Use when implementing multi env setup, or managing Speak language learning platform operations. Trigger with phrases like "speak multi env setup", "speak multi env setup".

snowflake-multi-env-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Snowflake across dev, staging, and production with account-level isolation, zero-copy clones, and environment-specific RBAC. Trigger with phrases like "snowflake environments", "snowflake staging", "snowflake dev prod", "snowflake clone", "snowflake environment setup".

windsurf-workspace-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Initialize Windsurf workspace with project-specific AI rules. Activate when users mention "create windsurfrules", "setup workspace", "configure project ai", "initialize windsurf workspace", or "migrate to windsurf". Handles workspace configuration and team standardization. Use when working with windsurf workspace setup functionality. Trigger with phrases like "windsurf workspace setup", "windsurf setup", "windsurf".

windsurf-multi-file-editing

1868

from jeremylongshore/claude-code-plugins-plus-skills

Manage multi-file edits with Cascade coordination. Activate when users mention "multi-file edit", "edit multiple files", "cross-file changes", "refactor across files", or "batch modifications". Handles coordinated multi-file operations. Use when working with windsurf multi file editing functionality. Trigger with phrases like "windsurf multi file editing", "windsurf editing", "windsurf".

shopify-multi-env-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Shopify apps across development, staging, and production environments with separate stores, API credentials, and app instances. Trigger with phrases like "shopify environments", "shopify staging", "shopify dev vs prod", "shopify multi-store", "shopify environment setup".

salesforce-multi-env-setup

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Salesforce across Developer, Sandbox, and Production environments with proper org management. Use when setting up multi-environment deployments, configuring per-environment credentials, or implementing sandbox-to-production promotion flows. Trigger with phrases like "salesforce environments", "salesforce sandbox", "salesforce dev prod", "salesforce org management", "salesforce sandbox types".