Manage CodeRabbit AI code review access across an enterprise organization. CodeRabbit inherits repository permissions from your Git provider -- if a developer has write access to a repo and opens a PR, CodeRabbit reviews it. Enterprise controls focus on seat management, repository scoping, organization-level configuration, and review policy enforcement.
Prerequisites
CodeRabbit Pro or Enterprise plan
GitHub Organization admin or GitLab Group owner role
CodeRabbit GitHub App installed on the organization
Access to CodeRabbit dashboard at app.coderabbit.ai
# In GitHub > Organization > Settings > Installed Apps > CodeRabbit:
Option A: "All repositories" (org-wide)
- Every repo gets AI reviews automatically
- New repos are covered immediately
- Higher seat count (every PR author = seat)
Option B: "Only select repositories" (targeted)
- Choose which repos get AI reviews
- Lower seat count
- New repos must be manually added
# Recommended: Start with Option B (select repos)
# Add repos in tiers based on risk/value
Step 2: Configure Seat Management
# In CodeRabbit Dashboard > Organization > Subscription:
1. Seat Policy Options:
- "Active committers" → Auto-assign to anyone who opens a PR
- "Manual assignment" → Admin explicitly assigns seats
2. Exclude Bot Accounts:
- dependabot[bot]
- renovate[bot]
- github-actions[bot]
- Any CI service accounts
3. Monitor Seat Usage:
- Active seats: developers who opened PRs in last 30 days
- Idle seats: no PR activity in 30+ days → candidates for removal
# Billing: ~$15/seat/month (Pro), custom (Enterprise)
# Only PR authors consume seats, not reviewers or commenters
Step 3: Set Organization-Level Defaults
# .github/.coderabbit.yaml (in the .github repo)
# Applied to ALL repos unless overridden by repo-level config
language: "en-US"
reviews:
profile: "assertive"
request_changes_workflow: false
high_level_summary: true
review_status: true
poem: false
sequence_diagrams: true
auto_review:
enabled: true
drafts: false
ignore_title_keywords:
- "WIP"
- "DO NOT MERGE"
- "chore: bump"
path_filters:
- "!**/*.lock"
- "!**/*.snap"
- "!**/generated/**"
- "!dist/**"
- "!vendor/**"
# Organization-wide coding standards
path_instructions:
- path: "**"
instructions: |
Org-wide rules:
1. Flag hardcoded secrets, API keys, or credentials
2. Check for proper error handling (no empty catch blocks)
3. Verify input validation on API endpoints
chat:
auto_reply: true
Step 4: Team-Specific Repository Overrides
# .coderabbit.yaml in a specific repo (overrides org defaults)
reviews:
profile: "assertive" # Can override org default
request_changes_workflow: true # This repo requires CR approval
auto_review:
enabled: true
base_branches:
- main # Only review PRs targeting main
drafts: false
path_instructions:
- path: "src/auth/**"
instructions: |
SECURITY-CRITICAL path. Check for:
- Auth bypass vulnerabilities
- Injection attacks
- Improper session handling
- Token validation gaps
- path: "src/payments/**"
instructions: |
PCI-SENSITIVE path. Check for:
- Credit card data handling
- Proper encryption usage
- Audit logging of financial operations
- path: "migrations/**"
instructions: |
Verify: backward compatibility, rollback safety,
no data loss on down migration.
Step 5: Audit Review Activity
set -euo pipefail
ORG="${1:-your-org}"
echo "=== CodeRabbit Org-Wide Review Audit ==="
echo "Organization: $ORG"
echo ""
# List repos with CodeRabbit installed
echo "--- Repos with CodeRabbit ---"
for REPO in $(gh repo list "$ORG" --limit 50 --json name --jq '.[].name'); do
INSTALLED=$(gh api "repos/$ORG/$REPO/installation" --jq '.app_slug' 2>/dev/null || echo "none")
if [ "$INSTALLED" = "coderabbitai" ]; then
# Count recent reviews
REVIEWS=$(gh api "repos/$ORG/$REPO/pulls?state=closed&per_page=10" --jq '.[].number' 2>/dev/null | \
head -5 | xargs -I{} gh api "repos/$ORG/$REPO/pulls/{}/reviews" \
--jq '[.[] | select(.user.login=="coderabbitai[bot]")] | length' 2>/dev/null | \
awk '{sum+=$1} END {print sum+0}')
echo " $REPO: $REVIEWS reviews (last 5 PRs)"
fi
done
Step 6: Enterprise SSO and Compliance
# CodeRabbit Enterprise plan includes:
1. SSO Integration:
- GitHub Enterprise Cloud SSO (SAML)
- GitLab SAML SSO
- Automatic seat provisioning via SCIM
2. Data Residency:
- Code is processed and not stored (ephemeral analysis)
- Review comments stored in your Git provider (GitHub/GitLab)
- CodeRabbit learnings stored on CodeRabbit servers
- SOC 2 Type II certified
3. Compliance Features:
- Audit logs available in enterprise dashboard
- Data processing agreement (DPA) available
- Custom data retention policies
- IP allowlisting for self-hosted GitLab
# Contact: [email protected] for custom plans
Output
Repository access scoped to appropriate repos
Seat management configured with bot exclusions
Organization-level defaults deployed
Team-specific review policies applied
Audit script for review activity monitoring
Error Handling
Issue
Cause
Solution
CodeRabbit not reviewing PRs
App not installed on repo
Add repo in GitHub App settings
Seat limit exceeded
Too many active committers
Remove inactive users or upgrade plan
Org config not applying
No .github repo in org
Create .github repo with .coderabbit.yaml
Repo config ignored
YAML syntax error
Validate YAML, check with @coderabbitai configuration