Regex Rules
Regex rules match patterns against the raw git diff text. They run locally with no API calls.
When to use regex rules
Use regex when you can express the check as a text pattern:
- Preventing debug statements (console.log, print(, debugger)
- Enforcing naming conventions
- Blocking hardcoded secrets or credentials
- Requiring specific file patterns in a diff
Full example
rules:
  - name: no-print-statements
    description: No print() calls in committed code
    type: regex
    pattern: '^\+.*\bprint\s*\('
    match: false
    on_fail: fail
Field reference
| Field | Required | Default | Description |
|---|---|---|---|
| name | Yes | — | Unique rule identifier |
| description | Yes | — | Shown in CLI output |
| type | Yes | — | Must be regex |
| pattern | Yes | — | Python re compatible regex |
| match | No | true | true = must match; false = must not match |
| on_fail | No | warn | warn or fail |
| depends_on | No | — | Skip if referenced rule did not pass |
Pattern matching details
The pattern is matched against the full unified diff output. Each added line starts with + and each removed line starts with -.
To match only added lines (lines introduced by this change):
pattern: '^\+.*TODO'
To match any line in the diff:
pattern: 'TODO'
Pattern examples
Block debug statements
  - name: no-console-log
    description: No console.log() calls in added lines
    type: regex
    pattern: '^\+.*console\.log\('
    match: false
    on_fail: fail
Require a changelog entry
  - name: has-changelog-entry
    description: Diff should mention CHANGELOG
    type: regex
    pattern: 'CHANGELOG'
    match: true
    on_fail: warn
Block hardcoded API keys
  - name: no-hardcoded-keys
    description: No hardcoded API keys, secret keys or passwords in added lines
    type: regex
    pattern: "^\\+.*(api_key|secret_key|password)\\s*=\\s*[\"']\\w+"
    match: false
    on_fail: fail
Enforce snake_case filenames
  - name: snake-case-files
    description: Python file paths should not contain uppercase letters
    type: regex
    pattern: '^diff --git.*[A-Z].*\.py'
    match: false
    on_fail: warn
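The harness below is an added example, not code from the tool or its documentation: it applies the patterns above to a constructed diff so you can see how match and on_fail resolve, and where the key and TODO patterns over- or under-match. It assumes the engine searches the whole diff with Python's re.MULTILINE semantics; the no-todo rule name and the two tightened variants (no-hardcoded-keys-ci, no-todo-strict) are hypothetical.

```python
import re

# Constructed sample diff for illustration (not from the page).
SAMPLE_DIFF = '''\
diff --git a/app/settings.py b/app/settings.py
--- a/app/settings.py
+++ b/app/settings.py
@@ -1,2 +1,5 @@
 import os
-password = "old_value_1"
+password = "hunter2_example"
+API_KEY = "EXAMPLEKEY123"
+db_password = os.environ["DB_PASSWORD"]
+print("loaded settings")
diff --git a/notes/TODO.md b/notes/TODO.md
--- a/notes/TODO.md
+++ b/notes/TODO.md
@@ -1 +1,2 @@
 # Notes
+ship the settings change
'''

# Patterns copied from the page, plus two hypothetical tightened variants.
RULES = [
    {"name": "no-print-statements", "pattern": r"^\+.*\bprint\s*\(", "match": False, "on_fail": "fail"},
    {"name": "no-hardcoded-keys", "pattern": r"""^\+.*(api_key|secret_key|password)\s*=\s*["']\w+""", "match": False, "on_fail": "fail"},
    {"name": "has-changelog-entry", "pattern": r"CHANGELOG", "match": True},
    {"name": "no-todo", "pattern": r"^\+.*TODO", "match": False},
    # Hypothetical variants: (?i) ignores case; (?!\+\+ ) skips '+++ ' file headers.
    {"name": "no-hardcoded-keys-ci", "pattern": r"""(?i)^\+.*(api_key|secret_key|password)\s*=\s*["']\w+""", "match": False, "on_fail": "fail"},
    {"name": "no-todo-strict", "pattern": r"^\+(?!\+\+ ).*TODO", "match": False},
]

def evaluate(rule, diff):
    """Return (status, matched_text) for one rule against a unified diff."""
    # Assumption: the engine searches with re.MULTILINE so ^ anchors per diff line.
    hits = [m.group(0) for m in re.finditer(rule["pattern"], diff, re.MULTILINE)]
    passed = bool(hits) == rule.get("match", True)  # match defaults to true
    return ("pass" if passed else rule.get("on_fail", "warn")), hits  # default: warn

def run(rules, diff):
    return {r["name"]: evaluate(r, diff) for r in rules}

if __name__ == "__main__":
    for name, (status, hits) in run(RULES, SAMPLE_DIFF).items():
        print(f"{name:24} {status:5} {hits}")
```

On this diff the page's key pattern flags the lowercase password line but not API_KEY, and the TODO pattern fires on the +++ b/notes/TODO.md file header rather than on any added code. The strict variant would in turn skip an added line whose own content begins with "++ ".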
Next steps
AST rules for Python structural analysis.