Custom Review Rules

CodeAnt AI automatically detects bugs and security issues by default. However, you can extend CodeAnt’s review capabilities by defining custom rules that enforce company-specific coding practices, naming conventions, and standards.

Setup

1. Create Review Rules File

Create a review.json file in the same .codeant folder in your repository root:

your-repo/
├── .git/
├── .codeant/
│   ├── instructions.json
│   └── review.json
├── src/
└── package.json

2. Define Custom Rules

The review.json file allows you to specify additional rules that CodeAnt will enforce during every code review.

Configuration Format

{
    "rules": [
        {
            "id": "unique-rule-id",
            "description": "Clear description of what this rule enforces",
            "files": ["glob-pattern-1", "glob-pattern-2"],
            "scope": ["ide", "pr"]  // Optional, defaults to ["ide"]
        }
    ]
}

Rule Categories

Code Quality Rules

No Console Logs in Production:

{
    "id": "avoid-console-logs",
    "description": "Never use console.logs in production code",
    "files": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
    "scope": ["ide", "pr"]
}

Function Complexity:

{
    "id": "max-function-length",
    "description": "Functions should not exceed 50 lines of code",
    "files": ["src/**/*.js", "src/**/*.ts"]
}

Naming Convention Rules

Variable Naming:

{
    "id": "snake-case-variables",
    "description": "All local variable names inside functions should be in snake_case",
    "files": ["**/*.py"]
}

Component Naming:

{
    "id": "pascal-case-components",
    "description": "React components must use PascalCase naming",
    "files": ["src/components/**/*.jsx", "src/components/**/*.tsx"],
    "scope": ["pr"]
}

API and Architecture Rules

REST API Conventions:

{
    "id": "rest-api-endpoint-naming",
    "description": "Ensure REST API endpoints are named correctly. Names should be in kebab-case and follow the pattern: `/{resource}/{action}`",
    "files": ["**/*.py", "routes/**/*.js"]
}

Security and Performance Rules

Password Validation:

{
    "id": "strong-password-regex",
    "description": "Password validation must include uppercase, lowercase, numbers, and special characters",
    "files": ["src/auth/**/*.js", "**/validation/**/*.ts"],
    "scope": ["ide", "pr"]
}

Database Query Optimization:

{
    "id": "avoid-n-plus-one",
    "description": "Database queries should use proper joins to avoid N+1 query problems",
    "files": ["src/models/**/*.js", "**/repositories/**/*.ts"]
}

Sample review.json

{
    "rules": [
        {
            "id": "avoid-console-logs",
            "description": "Never use console.logs in production code.",
            "files": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
            "scope": ["ide", "pr"]
        },
        {
            "id": "rest-api-endpoint-naming",
            "description": "Ensure REST API endpoints are named correctly. Names should be in kebab-case and follow the pattern: `/{resource}/{action}`.",
            "files": ["**/*.py"]
        },
        {
            "id": "snake-case-local-variable-names",
            "description": "All local variable names inside functions should be in snake_case.",
            "files": ["**/*.py"],
            "scope": ["ide"]
        },
        {
            "id": "no-hardcoded-secrets",
            "description": "API keys, passwords, and secrets should never be hardcoded. Use environment variables instead.",
            "files": ["**/*.js", "**/*.ts", "**/*.py"],
            "scope": ["pr"]
        },
        {
            "id": "component-prop-types",
            "description": "All React components must define PropTypes or TypeScript interfaces for props.",
            "files": ["src/components/**/*.jsx", "src/components/**/*.tsx"]
        }
    ]
}

How It Works

Rule Enforcement: These custom rules are applied on top of CodeAnt’s default bug and security detection
Review Integration: Custom rules are checked during both automatic (on commit) and manual reviews
File Targeting: Rules only apply to files matching the specified glob patterns
Scope Control: The optional scope parameter determines where rules are enforced - “ide” for IDE integration only, “pr” for pull request reviews only, or both. If not specified, defaults to [“ide”]
Priority: Custom rules complement, not replace, CodeAnt’s built-in detection capabilities

Best Practices

Team Alignment: Ensure all team members agree on the custom rules before implementing
Clear Descriptions: Write detailed descriptions explaining the reasoning behind each rule
Gradual Implementation: Start with a few critical rules and expand over time
Regular Review: Periodically review and update rules as your codebase evolves
Documentation: Keep a separate document explaining your team’s coding standards

Once configured, CodeAnt will enforce these custom rules alongside its default bug and security detection during every code review.

Start Here

Setup

Pull Request Review

Scan center

Integrations

IDE

Rule Reference

Resources

Setup

1. Create Review Rules File

2. Define Custom Rules

Configuration Format

Rule Categories

Code Quality Rules

Naming Convention Rules

API and Architecture Rules

Security and Performance Rules

Sample review.json

How It Works

Best Practices

Start Here

Setup

Pull Request Review

Scan center

Integrations

IDE

Rule Reference

Resources

​Setup

​1. Create Review Rules File

​2. Define Custom Rules

​Configuration Format

​Rule Categories

​Code Quality Rules

​Naming Convention Rules

​API and Architecture Rules

​Security and Performance Rules

​Sample review.json

​How It Works

​Best Practices

Setup

1. Create Review Rules File

2. Define Custom Rules

Configuration Format

Rule Categories

Code Quality Rules

Naming Convention Rules

API and Architecture Rules

Security and Performance Rules

Sample review.json

How It Works

Best Practices