🔥 feat: Add support for Sec-Fetch-Site header in CSRF middleware

[gaby]

Summary

• This pull request enhances the application's security posture by introducing centralized management for the Sec-Fetch-Site HTTP header and integrating its validation directly into the CSRF middleware. This proactive measure allows for earlier detection and rejection of potentially malicious cross-site requests, thereby strengthening protection against CSRF attacks.

Highlights

• Centralized Header Constant: The Sec-Fetch-Site HTTP header constant has been centralized in constants.go for consistent usage across the codebase.
• CSRF Middleware Enhancement: The CSRF middleware now incorporates validation for the Sec-Fetch-Site header, rejecting cross-site requests earlier to bolster security.
• Comprehensive Testing: New tests have been added to csrf_test.go to ensure the correct behavior and robustness of the Sec-Fetch-Site header validation within the CSRF middleware.

Related #3912

[gemini-code-assist]

Summary of Changes

Hello @gaby, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the application's security posture by introducing centralized management for the Sec-Fetch-Site HTTP header and integrating its validation directly into the CSRF middleware. This proactive measure allows for earlier detection and rejection of potentially malicious cross-site requests, thereby strengthening protection against CSRF attacks.

Highlights

• Centralized Header Constant: The Sec-Fetch-Site HTTP header constant has been centralized in constants.go for consistent usage across the codebase.
• CSRF Middleware Enhancement: The CSRF middleware now incorporates validation for the Sec-Fetch-Site header, rejecting cross-site requests earlier to bolster security.
• Comprehensive Testing: New tests have been added to csrf_test.go to ensure the correct behavior and robustness of the Sec-Fetch-Site header validation within the CSRF middleware.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Added exported header constant HeaderSecFetchSite; integrated Sec‑Fetch‑Site validation into CSRF middleware (new public error and pre-check for unsafe methods); added tests for Sec‑Fetch‑Site behavior (duplicate present); updated CSRF docs and AGENTS.md guidance.

Changes

Cohort / File(s)	Summary
Header constant addition constants.go	Added exported constant HeaderSecFetchSite = "Sec-Fetch-Site".
CSRF middleware enhancement middleware/csrf/csrf.go	Added public error ErrFetchSiteInvalid, introduced validateSecFetchSite helper, and added an early pre-check in the unsafe request path to validate Sec-Fetch-Site and invoke the middleware error handler on invalid values.
Sec‑Fetch‑Site validation tests middleware/csrf/csrf_test.go	Added Test_CSRF_SecFetchSite exercising Sec-Fetch-Site, Origin, method and scheme scenarios; test function appears duplicated in the diff.
Docs / PR guidance AGENTS.md, docs/middleware/csrf.md, docs/whats_new.md	Clarified PR title/body guidance in AGENTS.md; added "Fetch Metadata Guardrails" to CSRF docs and updated whats_new describing the Sec‑Fetch‑Site pre-check and ErrFetchSiteInvalid.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant CSRF as CSRF Middleware
    participant ErrH as Error Handler
    participant App as Application Handler

    Client->>CSRF: HTTP request (method, Sec-Fetch-Site?, Origin, cookies, token)
    alt method is unsafe
        CSRF->>CSRF: validateSecFetchSite(header)
        alt invalid Sec-Fetch-Site
            CSRF->>ErrH: ErrFetchSiteInvalid
            ErrH-->>Client: 403 Forbidden
        else valid or absent Sec-Fetch-Site
            CSRF->>CSRF: origin / scheme / token checks
            alt any check fails
                CSRF->>ErrH: relevant CSRF error
                ErrH-->>Client: 403 Forbidden
            else all checks pass
                CSRF->>App: forward request
                App-->>Client: 200 OK
            end
        end
    else method considered safe
        CSRF->>App: forward request
        App-->>Client: 200 OK
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Focus areas:
  • Duplicate Test_CSRF_SecFetchSite in middleware/csrf/csrf_test.go.
  • Validation logic and allowed values in validateSecFetchSite.
  • Correct ordering and error propagation between the new pre-check and existing origin/token checks.

Possibly related PRs

• 🧹 chore: Fix CSRF error message mismatch with documentation #3636 — Overlaps CSRF middleware error handling changes; related to new error paths.
• refactor: update CSRF middleware to use shared extractors #3746 — Refactors CSRF extractor/error handling in the same middleware area.
• Refactor CSRF middleware and enhance documentation #3598 — Modifies CSRF middleware and tests; contextually related.

Suggested labels

📒 Documentation

Suggested reviewers

• sixcolors
• efectn
• ReneWerner87

Poem

🐰 I sniffed the fetch header, gave it a hop,
I checked the site before letting it pop.
Invalid values — I thump the drum,
Valid or gone, the checks then hum.
Hooray for guards; now go and ship! 🎉

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Description check	❓ Inconclusive	The description provides a clear summary and highlights the key changes, but is missing most of the required template sections including Changes introduced checklist, Type of change, and Checklist items.	Complete the PR description by filling out the template sections: mark relevant checkboxes in 'Changes introduced' and 'Type of change', and verify all checklist items are addressed before merging.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main feature: adding Sec-Fetch-Site header support to CSRF middleware. It is specific, concise, and directly reflects the primary change in the changeset.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch implement-header-evaluation-for-csrf-middleware

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2e486a7 and c0b6297.

📒 Files selected for processing (1)

• docs/whats_new.md (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/whats_new.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: repeated
• GitHub Check: unit (1.25.x, windows-latest)
• GitHub Check: unit (1.25.x, macos-latest)
• GitHub Check: lint
• GitHub Check: Compare

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.60%. Comparing base (a659b94) to head (c0b6297).
⚠️ Report is 19 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3913      +/-   ##
==========================================
- Coverage   91.66%   91.60%   -0.06%     
==========================================
  Files         119      119              
  Lines       10096    10107      +11     
==========================================
+ Hits         9254     9259       +5     
- Misses        534      539       +5     
- Partials      308      309       +1     

Flag	Coverage Δ
unittests	91.60% <100.00%> (-0.06%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[gemini-code-assist]

Code Review

This pull request effectively centralizes the Sec-Fetch-Site header constant and integrates its validation into the CSRF middleware, which is a good security enhancement. The changes are logical and the accompanying tests are thorough. I have one suggestion to optimize the new validation function for better performance by avoiding string allocations, which is in line with the Fiber framework's performance goals.

[Copilot]

Pull request overview

This PR centralizes the Sec-Fetch-Site header constant definition by adding it to the shared constants file, updating the CSRF middleware to reference this shared constant, and enhancing CSRF protection with early validation of the Sec-Fetch-Site header to reject cross-site requests before performing more expensive origin validation checks.

Key changes:

• Added HeaderSecFetchSite constant to centralize header name definition
• Implemented Sec-Fetch-Site header validation in CSRF middleware for improved security
• Added comprehensive test coverage for Sec-Fetch-Site validation scenarios

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
constants.go	Added HeaderSecFetchSite constant definition alongside other Sec-* header constants
middleware/csrf/csrf.go	Implemented validateSecFetchSite function and integrated Sec-Fetch-Site validation into the CSRF middleware flow, added ErrFetchSiteInvalid error constant
middleware/csrf/csrf_test.go	Added comprehensive test suite for Sec-Fetch-Site header validation covering various scenarios including same-origin, cross-site, same-site, and missing header cases

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[gaby]

Do not merge yet, forgot to update documentation.

[ReneWerner87]

can we include this hint in the agent.md ?

[gaby]

can we include this hint in the agent.md ?

Will do

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

middleware/csrf/csrf.go (1)

322-335: Consider using utils.EqualFold for zero-allocation comparison.

The current implementation allocates a new string via utils.ToLower. For better alignment with Fiber's zero-allocation philosophy, consider using utils.EqualFold:

 func validateSecFetchSite(c fiber.Ctx) error {
 	secFetchSite := utils.Trim(c.Get(fiber.HeaderSecFetchSite), ' ')
 
 	if secFetchSite == "" {
 		return nil
 	}
 
-	switch utils.ToLower(secFetchSite) {
-	case "same-origin", "none", "cross-site", "same-site":
+	if utils.EqualFold(secFetchSite, "same-origin") ||
+		utils.EqualFold(secFetchSite, "none") ||
+		utils.EqualFold(secFetchSite, "cross-site") ||
+		utils.EqualFold(secFetchSite, "same-site") {
 		return nil
-	default:
-		return ErrFetchSiteInvalid
 	}
+
+	return ErrFetchSiteInvalid
 }

🧹 Nitpick comments (1)

middleware/csrf/csrf_test.go (1)

851-861: Use int instead of int16 for HTTP status codes.

Using int16 for expectedStatus is unusual and requires an explicit cast on line 994. Standard Go HTTP libraries use int for status codes.

 	tests := []struct {
 		name                   string
 		method                 string
 		secFetchSite           string
 		origin                 string
-		expectedStatus         int16
+		expectedStatus         int
 		https                  bool
 		expectFetchSiteInvalid bool
 	}{

Then update line 994:

-			require.Equal(t, int(tt.expectedStatus), c.Response.StatusCode())
+			require.Equal(t, tt.expectedStatus, c.Response.StatusCode())

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9905533 and d539f5d.

📒 Files selected for processing (2)

• middleware/csrf/csrf.go (3 hunks)
• middleware/csrf/csrf_test.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*_test.go

📄 CodeRabbit inference engine (AGENTS.md)

When adding Go tests, always invoke t.Parallel() at the start of each test and subtest to maximize concurrency

Files:

• middleware/csrf/csrf_test.go

**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

Prefer github.com/gofiber/utils/v2 helpers (for example, utils.Trim) when performing common operations such as string manipulation, whenever it is practical and appropriate for the surrounding code

Files:

• middleware/csrf/csrf_test.go
• middleware/csrf/csrf.go

🧠 Learnings (5)

📚 Learning: 2025-10-16T07:19:52.418Z

Learnt from: grivera64
Repo: gofiber/fiber PR: 3807
File: adapter_test.go:118-144
Timestamp: 2025-10-16T07:19:52.418Z
Learning: In the Fiber codebase, the linter does not allow `require` assertions from within HTTP handlers (including net/http-style handlers). Use `t.Fatalf`, `t.Errorf`, or similar `testing.T` methods for error handling inside handler functions instead.

Applied to files:

• middleware/csrf/csrf_test.go
• middleware/csrf/csrf.go

📚 Learning: 2024-10-08T19:06:06.583Z

Learnt from: sixcolors
Repo: gofiber/fiber PR: 3016
File: middleware/csrf/csrf_test.go:188-193
Timestamp: 2024-10-08T19:06:06.583Z
Learning: In the Fiber framework tests, using `ctx.Response.Header.Cookie` may not be suitable for parsing cookies from the response header, as it requires a `*Cookie` and fills it rather than returning a string value; thus, manual parsing of the `Set-Cookie` header may be necessary.

Applied to files:

• middleware/csrf/csrf_test.go
• middleware/csrf/csrf.go

📚 Learning: 2025-07-19T14:06:29.884Z

Learnt from: sixcolors
Repo: gofiber/fiber PR: 3598
File: docs/middleware/csrf.md:37-42
Timestamp: 2025-07-19T14:06:29.884Z
Learning: In Fiber v3, the CookieSameSite constants use lowercase values: CookieSameSiteLaxMode = "lax", CookieSameSiteStrictMode = "strict", CookieSameSiteNoneMode = "none". Documentation examples should use lowercase string values or the typed constants, not capitalized strings like "Lax".

Applied to files:

• middleware/csrf/csrf.go

📚 Learning: 2025-11-26T13:34:08.100Z

Learnt from: CR
Repo: gofiber/fiber PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-26T13:34:08.100Z
Learning: Applies to **/*.go : Prefer `github.com/gofiber/utils/v2` helpers (for example, `utils.Trim`) when performing common operations such as string manipulation, whenever it is practical and appropriate for the surrounding code

Applied to files:

• middleware/csrf/csrf.go

📚 Learning: 2025-09-28T17:39:26.644Z

Learnt from: arturmelanchyk
Repo: gofiber/fiber PR: 3768
File: client/request.go:162-166
Timestamp: 2025-09-28T17:39:26.644Z
Learning: In fasthttp-based code like gofiber, using utils.UnsafeString(key) instead of string(key) is acceptable when values are used immediately within the same call stack and not stored for later use, as it avoids allocations and aligns with fasthttp's zero-allocation design philosophy.

Applied to files:

• middleware/csrf/csrf.go

🧬 Code graph analysis (1)

middleware/csrf/csrf_test.go (2)

middleware/csrf/csrf.go (3)

• New (48-220)
• Handler (31-35)
• ErrFetchSiteInvalid (19-19)

middleware/csrf/config.go (3)

• Config (16-126)
• HeaderName (129-129)
• ConfigDefault (132-140)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: lint
• GitHub Check: Compare
• GitHub Check: unit (1.25.x, windows-latest)
• GitHub Check: unit (1.25.x, macos-latest)
• GitHub Check: repeated

🔇 Additional comments (3)

middleware/csrf/csrf.go (2)

16-27: LGTM!

The error constants are well-organized and the new ErrFetchSiteInvalid error follows the existing naming convention.

---

131-135: LGTM!

The early Sec-Fetch-Site validation correctly rejects only malformed header values while allowing legitimate cross-origin requests to proceed to origin/referer validation. This addresses the previous concern about TrustedOrigins bypass.

middleware/csrf/csrf_test.go (1)

826-1000: LGTM!

The test provides comprehensive coverage for the Sec-Fetch-Site header validation, including:

• All valid header values (same-origin, none, cross-site, same-site)
• Invalid header rejection
• Missing header scenarios
• Safe vs unsafe HTTP methods
• Origin matching behavior

The use of t.Parallel() at both test and subtest levels follows the coding guidelines. As per coding guidelines for **/*_test.go, t.Parallel() is correctly invoked.

[github-actions]

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.50.

Benchmark suite	Current: 38324a8	Previous: ed2be1c	Ratio
Benchmark_NewError	71.45 ns/op 24 B/op 1 allocs/op	40.61 ns/op 24 B/op 1 allocs/op	1.76
Benchmark_NewError - ns/op	71.45 ns/op	40.61 ns/op	1.76
Benchmark_Compress_Levels/Zstd_LevelDefault - B/op	1 B/op	0 B/op	+∞
Benchmark_Compress_Parallel/Zstd - B/op	1 B/op	0 B/op	+∞

This comment was automatically generated by workflow using github-action-benchmark.

[gaby]

/gemini review

[gaby]

@codex review

[gemini-code-assist]

Code Review

This pull request enhances CSRF protection by adding support for the Sec-Fetch-Site header. The changes are well-implemented and include comprehensive tests. My review includes two suggestions for improvement: one to clarify the documentation for the new feature, and another to refactor hardcoded string values into constants for better maintainability. Overall, this is a solid security enhancement.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated no new comments.

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Bravo.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

docs/middleware/csrf.md (1)

41-41: Use lowercase SameSite values to align with Fiber v3 constants.

The documentation examples use capitalized "Lax" and "Strict" for the CookieSameSite property, but Fiber v3 constants define these as lowercase: "lax", "strict", "none". The code should use either lowercase string values or the typed constants for consistency.

Based on learnings, update the CookieSameSite values from capitalized to lowercase throughout the documentation:

- CookieSameSite:    "Lax",
+ CookieSameSite:    "lax",

This should be applied to lines 41, 80, 94 in code examples, and line 406 in the Config Properties table (change "Lax" to "lax" and "Strict" to "strict").

Also update line 55 in the Best Practices section:

- CookieSameSite: "Lax"` or `"Strict"`
+ CookieSameSite: "lax"` or `"strict"`

Also applies to: 55-55, 80-80, 94-94, 406-406

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f817f2b and 38324a8.

📒 Files selected for processing (1)

• docs/middleware/csrf.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

docs/**

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Review and update the contents of the docs folder if necessary when modifying code

Files:

• docs/middleware/csrf.md

**/*.md

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Run make markdown to lint all Markdown files when modifying code

Files:

• docs/middleware/csrf.md

🧠 Learnings (1)

📚 Learning: 2025-07-19T14:06:29.884Z

Learnt from: sixcolors
Repo: gofiber/fiber PR: 3598
File: docs/middleware/csrf.md:37-42
Timestamp: 2025-07-19T14:06:29.884Z
Learning: In Fiber v3, the CookieSameSite constants use lowercase values: CookieSameSiteLaxMode = "lax", CookieSameSiteStrictMode = "strict", CookieSameSiteNoneMode = "none". Documentation examples should use lowercase string values or the typed constants, not capitalized strings like "Lax".

Applied to files:

• docs/middleware/csrf.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: unit (1.25.x, windows-latest)
• GitHub Check: unit (1.25.x, macos-latest)
• GitHub Check: repeated
• GitHub Check: Compare
• GitHub Check: lint

[ReneWerner87]

@sixcolors can you also check

@gaby should we add this feature to whatsNew.md ?

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

docs/whats_new.md (1)

1289-1290: Improve clarity and fix comma splice in CSRF Sec-Fetch-Site documentation.

Line 1289 has a comma splice ("...unsafe methods, the middleware inspects..."). Additionally, the documentation repeats the core idea twice—first stating the middleware "handles" the header, then immediately restating it "inspects" the header. The final explanatory sentence also somewhat duplicates information already conveyed.

Consider restructuring for better flow:

-The CSRF now handles **Sec-Fetch-Site** header for unsafe methods, the middleware inspects the [`Sec-Fetch-Site`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site) header when present. If the header value is not one of "same-origin", "none", "same-site", or "cross-site", the request is rejected with `ErrFetchSiteInvalid`. If the header is valid or absent, the request proceeds to the standard origin and token validation checks. This provides an early check to block requests with invalid `Sec-Fetch-Site` values, while allowing legitimate same-site and cross-site requests to be validated by the existing mechanisms.
+The CSRF middleware now validates the [`Sec-Fetch-Site`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site) header for unsafe HTTP methods. When present, requests with invalid `Sec-Fetch-Site` values (not one of "same-origin", "none", "same-site", or "cross-site") are rejected with `ErrFetchSiteInvalid`. Valid or absent headers proceed to standard origin and token validation checks, providing an early gate to catch malformed requests while maintaining compatibility with legitimate cross-site traffic.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 38324a8 and 2e486a7.

📒 Files selected for processing (1)

• docs/whats_new.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

docs/**

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Review and update the contents of the docs folder if necessary when modifying code

Files:

• docs/whats_new.md

**/*.md

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Run make markdown to lint all Markdown files when modifying code

Files:

• docs/whats_new.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: unit (1.25.x, windows-latest)
• GitHub Check: repeated
• GitHub Check: Compare
• GitHub Check: lint

🔇 Additional comments (1)

docs/whats_new.md (1)

1-6: Remember to run markdown linting before finalizing.

Per the coding guidelines, run make markdown to lint all Markdown files when modifying documentation.

[gaby]

@sixcolors can you also check

@gaby should we add this feature to whatsNew.md ?

@ReneWerner87 done