Configuration
CodeComments works out of the box with zero setup. Drop a .commentsoncode.yml at the root of a repo when you need to change defaults.
Location
Commit .commentsoncode.yml to the root of your repo's default branch. CodeComments fetches it on every review; changes take effect on the next PR.
Currently supported on GitHub. GitLab support is on the roadmap.
Schema
# .commentsoncode.yml
reviews:
  enabled: true            # set false to pause auto-reviews on this repo
  ignore_paths:            # glob patterns skipped entirely
    - "migrations/**"
    - "generated/**"
    - "**/*.snap"
  custom_checks:           # extra pre-merge checks, added to the standard 5
    - name: "Feature flag wrap"
      prompt: >
        Any new endpoint must be wrapped in an `isEnabled("flag")` check.
        Fail if a new route handler ships without one.
Fields
reviews.enabled (default: true) — when false, CodeComments skips the repo with a one-line note on each PR.
reviews.ignore_paths (default: empty) — array of glob patterns. Matching files are filtered before any Claude call. Useful for generated code, large fixtures, or docs.
reviews.custom_checks (default: empty) — up to 10 additional pre-merge checks specific to your codebase. Each check is given to Claude as untrusted data with a strict length cap and appears in the PR's "Pre-merge checks" block alongside the 5 standard checks.
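A pre-commit check for this file, as an added example (not CodeComments code): it validates the documented fields on an already-parsed config and lists which changed files ignore_paths would remove from review. The glob dialect (`**` crosses directories, `*` and `?` do not, patterns match the whole repo-relative path), the requirement that every custom check carries both name and prompt, and all function names are assumptions.

```python
import re
MAX_CUSTOM_CHECKS = 10  # limit stated in the Fields section

def glob_to_regex(pattern):
    """Assumed dialect: `**` crosses directories; `*` and `?` stay inside one segment."""
    tokens = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}
    body = re.sub(r"\*\*/|\*\*|\*|\?|[^*?]+",
                  lambda m: tokens.get(m.group(), re.escape(m.group())), pattern)
    return re.compile(body + r"\Z")  # anchored: pattern must match the whole path

def lint_config(cfg):
    """Return a list of problems in a parsed .commentsoncode.yml (dict, or None if empty)."""
    reviews = (cfg or {}).get("reviews") or {}
    if not isinstance(reviews, dict):
        return ["reviews must be a mapping"]
    problems = []
    if not isinstance(reviews.get("enabled", True), bool):
        problems.append("reviews.enabled must be true or false")
    paths = reviews.get("ignore_paths") or []
    if not (isinstance(paths, list) and all(isinstance(p, str) for p in paths)):
        problems.append("reviews.ignore_paths must be a list of glob strings")
    checks = reviews.get("custom_checks") or []
    if not isinstance(checks, list):
        return problems + ["reviews.custom_checks must be a list"]
    if len(checks) > MAX_CUSTOM_CHECKS:
        problems.append(f"reviews.custom_checks allows at most {MAX_CUSTOM_CHECKS} checks")
    for n, check in enumerate(checks):
        for key in ("name", "prompt"):  # assumption: both required, as in the page's sample
            if not (isinstance(check, dict) and str(check.get(key) or "").strip()):
                problems.append(f"reviews.custom_checks[{n}].{key} is missing or empty")
    return problems

def skipped_files(cfg, changed_files):
    """Changed files that ignore_paths filters out before review, security scan included."""
    globs = ((cfg or {}).get("reviews") or {}).get("ignore_paths") or []
    regexes = [glob_to_regex(g) for g in globs if isinstance(g, str)]
    return [f for f in changed_files if any(r.match(f) for r in regexes)]

# Constructed sample: the page's config as parsed YAML, plus a made-up list of PR files.
SAMPLE = {"reviews": {
    "enabled": True,
    "ignore_paths": ["migrations/**", "generated/**", "**/*.snap"],
    "custom_checks": [{"name": "Feature flag wrap",
                       "prompt": "Any new endpoint must be wrapped in an isEnabled check."}],
}}
CHANGED = ["src/api/routes.py", "migrations/0042_add_users.sql",
           "web/__snapshots__/App.test.js.snap", "src/auth/session.py"]

if __name__ == "__main__":
    print(lint_config(SAMPLE), skipped_files(SAMPLE, CHANGED))
```

Under the assumed dialect, a catch-all pattern such as "**" makes skipped_files return every changed file, so it is worth running on any PR that edits ignore_paths.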
Standard pre-merge checks
Every review runs these five, and they appear on every PR whether you ship a config file or not:
Title accuracy — does the PR title describe the changes?
Breaking changes — any public API, contract, or config changes that lack docs?
Test coverage — do logic changes ship tests?
Docs completeness — READMEs and comments updated?
Security scan — injection, auth bypass, hardcoded secrets.
Severity labels
SUGGESTION findings are posted to the dashboard only — they never clutter the PR thread.