Path Rules
Control which files Codity reviews and how specific files are reviewed, per repository. Path Rules let you:
- Ignore files and folders by pattern so they are excluded from review entirely.
- Attach per-path instructions so files matching a pattern get extra, targeted guidance during review.
Path Rules are shared per repository — everyone with access to the repo sees and edits the same rules, and they apply to every pull request regardless of who opened it.
Overview
| Feature | What it does |
|---|---|
| Ignore patterns | Matching files are skipped — no review, no inline comments, and they don't count toward the reviewed diff (e.g. generated code, vendored dependencies, fixtures, docs). |
| Per-path instructions | When a changed file matches a pattern, your instruction text is added to the reviewer's context for that file (e.g. "treat src/payments/** as money-handling code"). |
Patterns use .gitignore-style globbing (e.g. docs/, **/*.generated.ts, *.lock, src/payments/**).
How It Works
Path Rules are loaded from two sources and merged together — every rule from every source applies:
- Dashboard configuration — set per repository in the Codity dashboard.
- Repository file — a
codity-rules.yamlfile committed to your repo (root and/or any folder).
> Unlike Custom Review Instructions, where the dashboard overrides the repository file, Path Rules from both sources are additive — an ignore pattern or instruction from either source takes effect.
Configuration Methods
Method 1: Dashboard
- Open the Codity dashboard and go to Settings → Review.
- Select your repository from the Repository picker.
- In the Path Rules card:
- Toggle Enabled on.
- Add Ignore Patterns (one glob per entry).
- Add Instructions — each is a glob pattern plus the instruction text to apply to matching files.
- Or switch to Edit as YAML to author everything as a single document.
- Click Save Path Rules.
Dashboard rules take effect on new reviews immediately, with no code changes, and are shared across everyone with access to the repository.
Method 2: Repository File
Commit a codity-rules.yaml (or codity-rules.yml) file to your repository to version-control the rules alongside your code.
- A file in the repository root applies repo-wide.
- A file inside any folder cascades to that folder's subtree, with its patterns interpreted relative to that folder. This lets teams keep rules next to the code they govern.
Benefits:
- Version-controlled and reviewed via PRs
- Rules live next to the code they affect (per-folder cascade)
- Works without dashboard access
File Format
codity-rules.yaml (and the dashboard's "Edit as YAML" view) use the same shape:
# Files/folders to exclude from review entirely.
ignore:
- "**/*.generated.ts" # skip generated code anywhere
- "docs/" # skip the docs folder and everything under it
- "vendor/**" # skip vendored dependencies
- "*.lock" # skip lockfiles
# Extra instructions applied to files matching a pattern.
instructions:
- pattern: "src/payments/**"
instruct: |
This is money-handling code. Be strict: flag floating-point arithmetic on
currency, missing or undefined rounding modes, missing idempotency on
charge/refund operations, and any precision drift. Prefer integer cents.
- pattern: "**/*.sql"
instruct: "Flag missing indexes and N+1 query patterns on new queries."
enabled: true
ignore
A list of glob patterns. Any changed file that matches is excluded from the review.
ignore:
- "**/*.snap" # snapshot tests
- "migrations/**" # database migrations
- "docs/" # entire folder
instructions
A list of { pattern, instruct } entries:
| Field | Required | Description |
|---|---|---|
pattern | Optional | Glob matched against changed file paths. In a folder-level file, omit it to apply the instruction to that folder's whole subtree. |
instruct | Yes | The guidance to add to the review for matching files. No length limit. |
enabled | Optional | Set to false to keep a rule without applying it. Defaults to true. |
instructions:
- pattern: "src/auth/**"
instruct: "Authentication code — scrutinize token handling, session fixation, and authz checks."
- pattern: "**/*.tsx"
instruct: "Flag missing accessibility attributes on interactive elements."
Folder-level cascade
A codity-rules.yaml placed inside a folder scopes its patterns to that folder. For example, in src/payments/codity-rules.yaml:
ignore:
- "fixtures/**" # matches src/payments/fixtures/**
instructions:
- instruct: "Money-handling module — extra scrutiny on rounding and idempotency."
# no pattern -> applies to everything under src/payments/
Pattern Syntax
Patterns follow .gitignore semantics:
| Pattern | Matches |
|---|---|
docs/ | The docs folder and everything inside it |
**/*.generated.ts | Any .generated.ts file at any depth |
src/payments/** | Everything under src/payments/ |
*.lock | Any file ending in .lock |
config/settings.json | That exact file |
Examples
Ignore generated code and docs; add scrutiny to payments:
ignore:
- "**/*.generated.ts"
- "docs/"
instructions:
- pattern: "src/payments/**"
instruct: "Money-handling code. Flag float currency math, missing rounding mode, and missing idempotency on charge/refund."
Split across sources (dashboard + file): keep ignore patterns in codity-rules.yaml on your default branch, and manage per-path instructions from the dashboard — both apply, because Path Rules are additive.
Behavior Notes
- Ignored files are removed from the review's context: they are not reviewed and receive no comments. Dashboard ignore rules also keep them out of the PR summary and workflow diagrams.
- Per-path instructions only appear for files actually changed in the PR — they are scoped to the files under review, so there is no length penalty for large rule sets.
- Editing rules re-triggers review: changing Path Rules causes Codity to re-review the latest commit so the new rules take effect.
- Scope: Path Rules apply to the AI code review. They do not change security, dependency, or license scans.
Additional Resources
- Custom Review Instructions — repo-wide review guidance
- Auto Review Configuration — enable/disable reviews
- Scan Configuration — security/license/quality scans
- YAML Syntax: https://yaml.org/