Review policies

Tune review behavior, comment volume, prompt guidance, path exclusions, and deterministic analysis controls.

Owner/Admin editingWorkspace defaultNo repository overrides

Policy target

Workspace defaults apply everywhere unless a repository override is selected.

Updated May 25, 03:00 AM

Scope

Repository overrides appear after a repository-specific policy is saved through the API.

Control when Firmcode reviews and how strongly it nudges tests.

Review draft pull requestsRequire tests for risky changesSuggest missing tests

Keep inline review volume bounded and severity-aware.

Severity thresholdMax inline comments

BugsSecurityPerformanceMaintainabilityTestsInfrastructureCI

Add bounded reviewer guidance without storing credentials or tokens.

Custom review instructions

0 / 4000 characters.

Repository-relative path globs excluded from review context where policy allows.

Ignored pathsGenerated-file patterns

Enable deterministic scanners and AI explanation stages.

SemgrepSemgrep infrastructure rulesScan generated files for secrets

Tree-sitterLLM reviewCI explanations

Focus policy review on sensitive operational and security-heavy changes.

Infrastructure reviewSecurity reviewDependency reviewCI workflow review

No unsaved changes