Path Rules

Control which files Codity reviews and how specific files are reviewed, per repository. Path Rules let you:

  • Ignore files and folders by pattern so they are excluded from review entirely.
  • Attach per-path instructions so files matching a pattern get extra, targeted guidance during review.

Path Rules are shared per repository — everyone with access to the repo sees and edits the same rules, and they apply to every pull request regardless of who opened it.

Overview

FeatureWhat it does
Ignore patternsMatching files are skipped — no review, no inline comments, and they don't count toward the reviewed diff (e.g. generated code, vendored dependencies, fixtures, docs).
Per-path instructionsWhen a changed file matches a pattern, your instruction text is added to the reviewer's context for that file (e.g. "treat src/payments/** as money-handling code").

Patterns use .gitignore-style globbing (e.g. docs/, **/*.generated.ts, *.lock, src/payments/**).

How It Works

Path Rules are loaded from two sources and merged together — every rule from every source applies:

  1. Dashboard configuration — set per repository in the Codity dashboard.
  2. Repository file — a codity-rules.yaml file committed to your repo (root and/or any folder).

> Unlike Custom Review Instructions, where the dashboard overrides the repository file, Path Rules from both sources are additive — an ignore pattern or instruction from either source takes effect.

Configuration Methods

Method 1: Dashboard

  1. Open the Codity dashboard and go to Settings → Review.
  2. Select your repository from the Repository picker.
  3. In the Path Rules card:
    • Toggle Enabled on.
    • Add Ignore Patterns (one glob per entry).
    • Add Instructions — each is a glob pattern plus the instruction text to apply to matching files.
    • Or switch to Edit as YAML to author everything as a single document.
  4. Click Save Path Rules.

Dashboard rules take effect on new reviews immediately, with no code changes, and are shared across everyone with access to the repository.

Method 2: Repository File

Commit a codity-rules.yaml (or codity-rules.yml) file to your repository to version-control the rules alongside your code.

  • A file in the repository root applies repo-wide.
  • A file inside any folder cascades to that folder's subtree, with its patterns interpreted relative to that folder. This lets teams keep rules next to the code they govern.

Benefits:

  • Version-controlled and reviewed via PRs
  • Rules live next to the code they affect (per-folder cascade)
  • Works without dashboard access

File Format

codity-rules.yaml (and the dashboard's "Edit as YAML" view) use the same shape:

# Files/folders to exclude from review entirely.
ignore:
  - "**/*.generated.ts"   # skip generated code anywhere
  - "docs/"               # skip the docs folder and everything under it
  - "vendor/**"           # skip vendored dependencies
  - "*.lock"              # skip lockfiles

# Extra instructions applied to files matching a pattern.
instructions:
  - pattern: "src/payments/**"
    instruct: |
      This is money-handling code. Be strict: flag floating-point arithmetic on
      currency, missing or undefined rounding modes, missing idempotency on
      charge/refund operations, and any precision drift. Prefer integer cents.
  - pattern: "**/*.sql"
    instruct: "Flag missing indexes and N+1 query patterns on new queries."
    enabled: true

ignore

A list of glob patterns. Any changed file that matches is excluded from the review.

ignore:
  - "**/*.snap"          # snapshot tests
  - "migrations/**"      # database migrations
  - "docs/"              # entire folder

instructions

A list of { pattern, instruct } entries:

FieldRequiredDescription
patternOptionalGlob matched against changed file paths. In a folder-level file, omit it to apply the instruction to that folder's whole subtree.
instructYesThe guidance to add to the review for matching files. No length limit.
enabledOptionalSet to false to keep a rule without applying it. Defaults to true.
instructions:
  - pattern: "src/auth/**"
    instruct: "Authentication code — scrutinize token handling, session fixation, and authz checks."
  - pattern: "**/*.tsx"
    instruct: "Flag missing accessibility attributes on interactive elements."

Folder-level cascade

A codity-rules.yaml placed inside a folder scopes its patterns to that folder. For example, in src/payments/codity-rules.yaml:

ignore:
  - "fixtures/**"          # matches src/payments/fixtures/**
instructions:
  - instruct: "Money-handling module — extra scrutiny on rounding and idempotency."
    # no pattern -> applies to everything under src/payments/

Pattern Syntax

Patterns follow .gitignore semantics:

PatternMatches
docs/The docs folder and everything inside it
**/*.generated.tsAny .generated.ts file at any depth
src/payments/**Everything under src/payments/
*.lockAny file ending in .lock
config/settings.jsonThat exact file

Examples

Ignore generated code and docs; add scrutiny to payments:

ignore:
  - "**/*.generated.ts"
  - "docs/"
instructions:
  - pattern: "src/payments/**"
    instruct: "Money-handling code. Flag float currency math, missing rounding mode, and missing idempotency on charge/refund."

Split across sources (dashboard + file): keep ignore patterns in codity-rules.yaml on your default branch, and manage per-path instructions from the dashboard — both apply, because Path Rules are additive.

Behavior Notes

  • Ignored files are removed from the review's context: they are not reviewed and receive no comments. Dashboard ignore rules also keep them out of the PR summary and workflow diagrams.
  • Per-path instructions only appear for files actually changed in the PR — they are scoped to the files under review, so there is no length penalty for large rule sets.
  • Editing rules re-triggers review: changing Path Rules causes Codity to re-review the latest commit so the new rules take effect.
  • Scope: Path Rules apply to the AI code review. They do not change security, dependency, or license scans.

Additional Resources