CodeAnt AI automatically detects bugs and security issues by default. However, you can extend CodeAnt’s review capabilities by defining custom rules that enforce company-specific coding practices, naming conventions, and standards.

Setup

1. Create Review Rules File

Create a review.json file in the same .codeant folder in your repository root: 
your-repo/
├── .git/
├── .codeant/
│   ├── instructions.json
│   └── review.json
├── src/
└── package.json

2. Define Custom Rules

The review.json file allows you to specify additional rules that CodeAnt will enforce during every code review.

Configuration Format

{
    "rules": [
        {
            "id": "unique-rule-id",
            "description": "Clear description of what this rule enforces",
            "files": ["glob-pattern-1", "glob-pattern-2"],
            "scope": ["ide", "pr"]  // Optional, defaults to ["ide"]
        }
    ]
}

Rule Categories

Code Quality Rules

No Console Logs in Production: 
{
    "id": "avoid-console-logs",
    "description": "Never use console.logs in production code",
    "files": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
    "scope": ["ide", "pr"]
}
Function Complexity: 
{
    "id": "max-function-length",
    "description": "Functions should not exceed 50 lines of code",
    "files": ["src/**/*.js", "src/**/*.ts"]
}

Naming Convention Rules

Variable Naming: 
{
    "id": "snake-case-variables",
    "description": "All local variable names inside functions should be in snake_case",
    "files": ["**/*.py"]
}
Component Naming: 
{
    "id": "pascal-case-components",
    "description": "React components must use PascalCase naming",
    "files": ["src/components/**/*.jsx", "src/components/**/*.tsx"],
    "scope": ["pr"]
}

API and Architecture Rules

REST API Conventions: 
{
    "id": "rest-api-endpoint-naming",
    "description": "Ensure REST API endpoints are named correctly. Names should be in kebab-case and follow the pattern: `/{resource}/{action}`",
    "files": ["**/*.py", "routes/**/*.js"]
}

Security and Performance Rules

Password Validation: 
{
    "id": "strong-password-regex",
    "description": "Password validation must include uppercase, lowercase, numbers, and special characters",
    "files": ["src/auth/**/*.js", "**/validation/**/*.ts"],
    "scope": ["ide", "pr"]
}
Database Query Optimization: 
{
    "id": "avoid-n-plus-one",
    "description": "Database queries should use proper joins to avoid N+1 query problems",
    "files": ["src/models/**/*.js", "**/repositories/**/*.ts"]
}

Sample review.json

{
    "rules": [
        {
            "id": "avoid-console-logs",
            "description": "Never use console.logs in production code.",
            "files": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
            "scope": ["ide", "pr"]
        },
        {
            "id": "rest-api-endpoint-naming",
            "description": "Ensure REST API endpoints are named correctly. Names should be in kebab-case and follow the pattern: `/{resource}/{action}`.",
            "files": ["**/*.py"]
        },
        {
            "id": "snake-case-local-variable-names",
            "description": "All local variable names inside functions should be in snake_case.",
            "files": ["**/*.py"],
            "scope": ["ide"]
        },
        {
            "id": "no-hardcoded-secrets",
            "description": "API keys, passwords, and secrets should never be hardcoded. Use environment variables instead.",
            "files": ["**/*.js", "**/*.ts", "**/*.py"],
            "scope": ["pr"]
        },
        {
            "id": "component-prop-types",
            "description": "All React components must define PropTypes or TypeScript interfaces for props.",
            "files": ["src/components/**/*.jsx", "src/components/**/*.tsx"]
        }
    ]
}

How It Works

  1. Rule Enforcement: These custom rules are applied on top of CodeAnt’s default bug and security detection
  2. Review Integration: Custom rules are checked during both automatic (on commit) and manual reviews
  3. File Targeting: Rules only apply to files matching the specified glob patterns
  4. Scope Control: The optional scope parameter determines where rules are enforced - “ide” for IDE integration only, “pr” for pull request reviews only, or both. If not specified, defaults to [“ide”]
  5. Priority: Custom rules complement, not replace, CodeAnt’s built-in detection capabilities

Best Practices

  • Team Alignment: Ensure all team members agree on the custom rules before implementing
  • Clear Descriptions: Write detailed descriptions explaining the reasoning behind each rule
  • Gradual Implementation: Start with a few critical rules and expand over time
  • Regular Review: Periodically review and update rules as your codebase evolves
  • Documentation: Keep a separate document explaining your team’s coding standards
Once configured, CodeAnt will enforce these custom rules alongside its default bug and security detection during every code review.