
Automated code quality checking with AI. Define rules in natural language and let AI check your entire codebase against them.

npm install -g autorules
Or use locally in your project:
npm install --save-dev autorules
autorules folder in your project
.md format) with this structure:
title: No console.log statements
files: **/*.js
---
This file should not contain any console.log statements in production code.
export OPENROUTER_API_KEY=your_key_here
autorules --workers=3
Each rule file must have:
title and files (glob pattern)
---
Example:
title: Proper error handling
files: src/**/*.ts
---
Every async function should have proper error handling with try-catch blocks or error callbacks.
Usage: autorules [options]
Options:
-w, --workers <number> Number of parallel workers (default: 3)
-r, --report <format> Report format: html (default: html)
-m, --model <model> AI model to use (default: openai/gpt-oss-120b)
-k, --api-key <key> OpenRouter API key (or set OPENROUTER_API_KEY env var)
-o, --output <path> Output path for report (default: autorules-report.html)
--provider <name> Filter to only use specific provider (e.g., Cerebras)
--provider-sort <method> Sort providers by method (e.g., throughput)
-h, --help Show this help message
autorules
autorules --workers=5 --model=anthropic/claude-3-opus
autorules --output=./reports/code-quality.html
autorules --api-key=sk-or-v1-xxxxx
autorules --provider=Cerebras --provider-sort=throughput
my-project/
├── src/
│ ├── index.js
│ └── utils.js
├── autorules/
│ ├── no-console.md
│ ├── proper-naming.md
│ └── security-checks.md
└── package.json
Each rule uses a simple frontmatter block. Alongside title and files, you can optionally provide an includes entry that points (relative to the rule file) to supporting guidance that should be embedded in every prompt.
title: No hardcoded secrets
files: **/*.{js,ts,py}
---
This file should not contain any hardcoded API keys, passwords, or other secrets. Look for patterns like API_KEY=, password=, or similar.
title: Consistent naming
files: src/**/*.js
---
Function names should use camelCase and be descriptive. Variable names should also use camelCase.
title: Test files required
files: src/**/*.js
---
For every source file, there should be a corresponding test file. Check if this pattern is followed.
title: Must match the code guide
files: docs/**/*.md
includes: ../specs/CODE_GUIDE.md
---
Confirm that this file follows the shared documentation standards defined in the included guide.
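Because an includes entry is embedded in every prompt, and prompts go to the configured model provider, it is worth checking where each rule's includes resolves before running the tool. The following is an added example, not code from the autorules project: it parses the frontmatter shown above and flags rules that lack title or files, or whose includes climbs out of the project or points at a secret-looking file. The function names, the tolerated opening --- line, the secret-file pattern and the sample rule paths are assumptions.

```javascript
// Added example (not autorules' own code). Keys title/files/includes come from the
// README; the optional opening '---' and the secret-file pattern are assumptions.
function parseRule(text) {
  const lines = text.split(/\r?\n/);
  if (lines[0].trim() === '---') lines.shift(); // tolerate an opening fence
  const end = lines.findIndex((l) => l.trim() === '---');
  if (end === -1) return { meta: {}, errors: ['no --- separator'] };
  const meta = {};
  for (const line of lines.slice(0, end)) {
    const m = /^([A-Za-z]+):\s*(.*)$/.exec(line);
    if (m) meta[m[1]] = m[2].trim();
  }
  const errors = ['title', 'files'].filter((k) => !meta[k]).map((k) => `missing ${k}`);
  return { meta, errors };
}

// Resolve `target` against the directory of `rulePath` (project-relative POSIX
// paths). Returns null when the result is absolute or climbs above the root.
function resolveInProject(rulePath, target) {
  if (target.startsWith('/')) return null;
  const parts = rulePath.split('/').slice(0, -1);
  for (const seg of target.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg !== '..') parts.push(seg);
    else if (parts.length === 0) return null;
    else parts.pop();
  }
  return parts.join('/');
}

const SECRET_LIKE = /(^|\/)\.env(\.|$)|\.(pem|key)$/; // heuristic, extend as needed

function lintRule(rulePath, text) {
  const { meta, errors } = parseRule(text);
  const findings = [...errors];
  if (!meta.includes) return findings;
  const resolved = resolveInProject(rulePath, meta.includes);
  if (resolved === null) findings.push(`includes leaves project: ${meta.includes}`);
  else if (SECRET_LIKE.test(resolved)) findings.push(`includes looks secret: ${resolved}`);
  return findings;
}

// Constructed samples: the first is the README's rule, the others should be flagged.
const samples = {
  'autorules/guide.md': 'title: Must match the code guide\nfiles: docs/**/*.md\nincludes: ../specs/CODE_GUIDE.md\n---\nFollow the guide.',
  'autorules/escape.md': 'title: T\nfiles: **/*.js\nincludes: ../../.ssh/id_rsa\n---\nBody.',
  'autorules/env.md': 'title: T\nincludes: ../.env\n---\nBody.',
};
for (const [p, t] of Object.entries(samples)) console.log(p, lintRule(p, t));
```

Running a check like this in CI over every file in the autorules folder catches a rule change that would widen what gets sent to the provider.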
The generated HTML report includes:
autorules folders in your project
Get your API key from OpenRouter and either:
Set environment variable:
export OPENROUTER_API_KEY=your_key_here
Use CLI flag:
autorules --api-key=your_key_here
# Clone the repo
git clone https://github.com/markwylde/autorules.git
cd autorules
# Install dependencies
npm install
# Build
npm run build
# Run locally
node dist/cli.js
MIT
FAQs
Automated code quality checking with AI
We found that autorules demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.