chore: add greptile.json AI code-review config

[devin-ai-integration]

Summary

Adds a repo-root greptile.json so Greptile AI reviews are tuned to this monorepo instead of relying solely on dashboard defaults. The repo migrated from CodeRabbit to Greptile (per CHANGELOG.md) but had no committed config.

Key choices (all params optional, validated against the greptile.json reference):

• Review behavior: strictness: 2, commentTypes: ["logic","syntax","style"] (drops low-value info), triggerOnUpdates: true (review each commit), triggerOnDrafts: false, statusCheck: true (use a GitHub status check instead of "X files reviewed" noise comments).
• Filters: includeBranches: ["main","dev"] so only PRs targeting the real base branches are reviewed; excludeAuthors: ["dependabot[bot]"].
• ignorePatterns: vendored libs + build artifacts — contracts/lib/**, contracts/{out,cache,broadcast,coverage}/**, circuits/build/**, **/*.{zkey,ptau,wtns}, node_modules/**, dist/**, public/**, supersim-logs/**, pnpm-lock.yaml.
• customContext.rules scoped per domain: Solidity security (CEI ordering, access control, reentrancy, 24KB MARKPool size, Makefile layering guards), Circom soundness (fully-constrained signals, nullifier/double-spend), workflows (actions must be SHA-pinned — matches the new org policy), frontend (no client-side secrets, wagmi/viem checks), and governance/release scripts.
• customContext.files: references docs/ARCHITECTURE.md, docs/THREAT_MODEL.md, docs/BRANCHING.md as review context (all confirmed to exist).

Note: Greptile reads config from the PR's source branch, so this takes effect on PRs once the branch carries the file. .greptile/ folder format is the newer alternative, but this uses greptile.json as requested.

Scope

• Contracts
• Scripts/ops
• Workflows/CI
• Docs/runbook

Verification

• greptile.json validated as well-formed JSON (python -m json.tool)
• All referenced docs (ARCHITECTURE.md, THREAT_MODEL.md, BRANCHING.md) exist
• No secrets/private keys added
• Commit signed (GitHub-verified)

Not applicable (config-only change, no code): forge build/forge test/slither.

Risk Review

• Access control changes reviewed — none
• Upgrade/deployment behavior reviewed — none
• Backward compatibility impact reviewed — additive config only
• No unintended changes to production deployment flow

Governance

• Target branch is correct (dev)
• CODEOWNER review requested
• Relevant runbook/docs updated

Linked Context

• Issue / task: Add Greptile config for the project
• Related PRs: Feat/security ci restructure #264 (security/CI restructure)

Link to Devin session: https://app.devin.ai/sessions/6f0be211d5e44cfc855cf5d6c9ac6d72
Requested by: @iap

Greptile Summary

Adds a greptile.json configuration file at the repo root to tailor Greptile AI code reviews to this ZK-SNARK / UTXO monorepo, replacing dashboard defaults after the migration from CodeRabbit.

• Review behavior & filters: sets strictness: 2, triggerOnUpdates: true, limits reviews to PRs targeting main/dev, excludes dependabot[bot], and enables a GitHub status check.
• ignorePatterns: excludes vendored Foundry libs, build artifacts, ZK trusted-setup binaries (.zkey, .ptau, .wtns), and lock files as a newline-separated string (correct format per docs).
• customContext.rules: five domain-scoped rules covering Solidity CEI/access-control, Circom signal constraints, GitHub Actions SHA pinning, frontend secret hygiene, and governance scripts; customContext.files references three existing architecture/threat-model docs.

Confidence Score: 5/5

Config-only change with no executable code; all parameters are confirmed valid against the official greptile.json reference and no secrets or credentials are present.

The change adds a single JSON configuration file. Every top-level field maps to a documented parameter. The ignorePatterns string format and customContext.rules/files structure match the published schema. One scope pattern uses brace expansion that may not match .tsx files, but this affects review coverage quality rather than production behavior.

No files require special attention — the single changed file is a non-executable config with no runtime impact.

Important Files Changed

Filename	Overview
greptile.json	New Greptile AI review config: well-formed JSON with valid parameters. All top-level fields are confirmed in the official reference. The frontend rule scope uses brace expansion that the docs show as separate entries, which could silently exclude .tsx files from the client-side secrets rule.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    PR[New Pull Request] --> B{Target branch\nin includeBranches?}
    B -- No --> SKIP[Skip review]
    B -- Yes --> C{Author in\nexcludeAuthors?}
    C -- Yes --> SKIP
    C -- No --> D{Draft PR?}
    D -- Yes / triggerOnDrafts=false --> SKIP
    D -- No --> E[Trigger review]
    E --> F{File matches\nignorePatterns?}
    F -- Yes --> SKIP2[File skipped]
    F -- No --> G[Apply matching rules]
    G --> R1["contracts/src/**/*.sol\n→ CEI, access control, 24KB limit"]
    G --> R2["circuits/**/*.circom\n→ signal constraints, nullifier soundness"]
    G --> R3[".github/workflows/**\n→ SHA-pinned actions"]
    G --> R4["src/**/*.ts/tsx\n→ no secrets, wagmi/viem"]
    G --> R5["scripts/**\n→ credentials, confirmation guards"]

Loading

Prompt To Fix All With AI

Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
greptile.json:27
The frontend security rule's `scope` uses brace expansion (`*.{ts,tsx}`), but Greptile's own documentation consistently shows multiple file-type patterns as separate array entries (e.g., `["*.ts", "*.js"]`). Brace expansion is not part of basic glob or `.gitignore` syntax and may silently not match `.tsx` files, leaving all React component files unscanned by the client-side secrets / wagmi-viem rule.

```suggestion
        "scope": ["src/**/*.ts", "src/**/*.tsx"]
```

_{Reviews (2): Last reviewed commit: "Merge branch 'dev' into devin/1780695439..." | Re-trigger Greptile}

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None