|
| 1 | +--- |
| 2 | +# Codacy Rules |
| 3 | +Configuration for AI behavior when interacting with Codacy's MCP Server |
| 4 | + |
| 5 | +## After ANY successful `edit_file` or `reapply` operation |
| 6 | +- YOU MUST IMMEDIATELY run the `codacy_cli_analyze` tool from Codacy's MCP Server for each file that was edited, with: |
| 7 | + - `rootPath`: set to the workspace path |
| 8 | + - `file`: set to the path of the edited file |
| 9 | + - `tool`: leave empty or unset |
| 10 | +- If any issues are found in the new edits, propose and apply fixes for them. |
| 11 | +- > NOTE: Failure to follow this rule is considered a critical error. |
| 12 | +
|
| 13 | +## CRITICAL: Dependencies and Security Checks |
| 14 | +- IMMEDIATELY after ANY of these actions: |
| 15 | + - Running npm/yarn/pnpm install |
| 16 | + - Adding dependencies to package.json |
| 17 | + - Adding requirements to requirements.txt |
| 18 | + - Adding dependencies to pom.xml |
| 19 | + - Adding dependencies to build.gradle |
| 20 | + - Any other package manager operations |
| 21 | +- You MUST run the `codacy_cli_analyze` tool with: |
| 22 | + - `rootPath`: set to the workspace path |
| 23 | + - `tool`: set to "trivy" |
| 24 | + - `file`: leave empty or unset |
| 25 | +- If any vulnerabilities are found because of the newly added packages: |
| 26 | + - Stop all other operations |
| 27 | + - Propose and apply fixes for the security issues |
| 28 | + - Only continue with the original task after security issues are resolved |
| 29 | +- EXAMPLE: |
| 30 | + - After: npm install react-markdown |
| 31 | + - Do: Run codacy_cli_analyze with trivy |
| 32 | + - Before: Continuing with any other tasks |
| 33 | + |
| 34 | +## General |
| 35 | +- Repeat the relevant steps for each modified file. |
| 36 | +- "Propose fixes" means to both suggest and, if possible, automatically apply the fixes. |
| 37 | +- You MUST NOT wait for the user to ask for analysis or remind you to run the tool. |
| 38 | +- Do not run `codacy_cli_analyze` looking for changes in duplicated code or code complexity metrics. |
| 39 | +- Do not run `codacy_cli_analyze` looking for changes in code coverage. |
| 40 | +- Do not try to manually install Codacy CLI using either brew, npm, npx, or any other package manager. |
| 41 | +- If the Codacy CLI is not installed, just run the `codacy_cli_analyze` tool from Codacy's MCP Server. |
| 42 | +- When calling `codacy_cli_analyze`, only send provider, organization and repository if the project is a git repository. |
| 43 | + |
| 44 | +## Whenever a call to a Codacy tool that uses `repository` or `organization` as a parameter returns a 404 error |
| 45 | +- Offer to run the `codacy_setup_repository` tool to add the repository to Codacy |
| 46 | +- If the user accepts, run the `codacy_setup_repository` tool |
| 47 | +- Do not ever try to run the `codacy_setup_repository` tool on your own |
| 48 | +- After setup, immediately retry the action that failed (only retry once) |
| 49 | +--- |
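Review bot: the `---` at line 1 and the `---` at line 49 bracket the entire file, so any loader that treats a leading `---` as the start of YAML front matter (as Cursor does for `.mdc` rule files) would parse the whole rule text as front matter and leave no rule body; either drop both `---` lines or close the front-matter block right after the metadata keys (`description`, `globs`, `alwaysApply`) before the `# Codacy Rules` heading. Second point, on lines 10, 27 and 36: `+- If any issues are found in the new edits, propose and apply fixes for them.` together with `+- "Propose fixes" means to both suggest and, if possible, automatically apply the fixes.` gives the agent standing authority to change dependency versions and source without a confirmation step, while lines 45 to 47 require user acceptance before `codacy_setup_repository` runs; consider the same accept-before-apply gate for trivy remediations, since a version bump applied silently after `npm install` can change behaviour the user has not reviewed. Minor style point on line 11: a `>` blockquote nested inside a list item (`- > NOTE: ...`) renders inconsistently across Markdown engines; a plain bold line reads the same and is safer.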