diff --git a/.coderabbit.yaml b/.coderabbit.yaml
new file mode 100644
index 0000000..18c89a2
--- /dev/null
+++ b/.coderabbit.yaml
@@ -0,0 +1,22 @@
+language: en-US
+reviews:
+ profile: assertive
+ request_changes_workflow: true
+ high_level_summary: true
+ poem: false
+ review_status: true
+ collapse_walkthrough: false
+ path_instructions:
+ - path: "*.py"
+ instructions: |
+ Review for security issues — validate all user inputs.
+ Check for proper error handling and logging.
+ - path: ".github/workflows/**"
+ instructions: |
+ Check for command injection via untrusted GitHub context variables.
+ Verify secrets are not exposed in logs.
+ - path: "Dockerfile"
+ instructions: |
+ Check for security best practices — non-root user, minimal base image.
+chat:
+ auto_reply: true
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000..68f7f2f
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,12 @@
+# Gitleaks configuration
+# https://github.com/gitleaks/gitleaks
+
+title = "RedditModLog gitleaks config"
+
+[allowlist]
+ description = "Global allowlist"
+ paths = [
+ '''\.env\.example''',
+ '''__pycache__/''',
+ '''\.pytest_cache/''',
+ ]
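Review bot: The `path: "*.py"` entry in `path_instructions` probably only covers Python files at the repository root, since CodeRabbit's path globs appear to follow the usual minimatch rule that `*` does not cross `/`; the security instructions would then be skipped for anything inside a package directory. `path: "**/*.py"` matches at every depth, and the same consideration applies to `path: "Dockerfile"` if Dockerfiles ever live in subdirectories. The `.github/workflows/**` pattern already uses the recursive form, so aligning the other two entries with it is a one-line change each.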
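Review bot: The new `.gitleaks.toml` defines only a `[allowlist]` table and no `[[rules]]`, and as far as I recall gitleaks does not merge its built-in rule set into a user-supplied config unless the config opts in; if that holds, a scan picking up this file would run with zero detection rules and report nothing while appearing to pass. Adding `[extend]` followed by `useDefault = true` above `[allowlist]` keeps the default rules and layers this allowlist on top. Separately, the keys under `[allowlist]` are indented, which TOML treats as insignificant but which is non-idiomatic; flush-left `description` and `paths` match the convention the comment header already follows.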