Rules & Templates
Audience: Customer — this page documents rule types, templates, and custom rules.
Rulecatch ships with 200+ rule templates organized into 17 categories. Rules are assigned based on the user's tech stack selection during onboarding.
Rule Sources
| Source | Description | Stored In | Available To |
|---|---|---|---|
| Template | Pre-built rules from Rulecatch library | Global.ruleTemplates |
All plans |
| Custom | User-created rules | user_rules |
Enterprise only |
| Always-Active | Rules that apply to all users | Global.ruleTemplates (alwaysActive: true) |
All plans |
Rule Structure
Every rule (template or custom) has:
| Field | Type | Description |
|---|---|---|
name |
string | Human-readable name |
description |
string | What the rule detects |
category |
string | Grouping category |
severity |
error | warning | info |
Impact level |
conditions |
array | Match conditions (see Matching) |
fixTimeMinutes |
number | Estimated time to fix |
difficulty |
string | easy, medium, or hard |
Template-Specific Fields
| Field | Type | Description |
|---|---|---|
pattern |
string | Match pattern (text or regex) |
isRegex |
boolean | Whether pattern is a regular expression |
isTemplate |
boolean | Always true for templates |
enabled |
boolean | Whether template is active globally |
alwaysActive |
boolean | If true, applies regardless of stack |
Categories
Templates are organized into 17 categories:
| Category | Examples | Triggered By |
|---|---|---|
security |
Hardcoded secrets, SQL injection, XSS | All stacks (universal) |
ai-specific |
AI Errors, prompt injection | All stacks (universal) |
typescript |
Type safety, strict mode | TypeScript in stack |
react |
Hook rules, key props, state management | React/Next.js in stack |
nextjs |
App Router patterns, server components | Next.js in stack |
mongodb |
Aggregation patterns, injection prevention | MongoDB in stack |
sql |
Query safety, injection prevention | PostgreSQL/MySQL/Supabase |
nodejs |
Error handling, async patterns | JavaScript/Node.js in stack |
python |
Pythonic patterns, security | Python in stack |
css |
Accessibility, performance | CSS in stack |
html |
Semantic HTML, accessibility | HTML in stack |
docker |
Dockerfile best practices, security | Docker/AWS/GCP/Azure in stack |
git |
Commit patterns, branch management | GitHub/GitLab/Bitbucket in stack |
vue |
Vue-specific patterns | Vue in stack |
performance |
Performance anti-patterns | CSS in stack |
Stack-to-Category Mapping
When a user selects their tech stack during onboarding, Rulecatch maps each selection to rule categories:
Database Selections
| Selection | Categories Added |
|---|---|
| MongoDB | mongodb |
| PostgreSQL | sql |
| MySQL | sql |
| Redis | nodejs |
| Supabase | sql, security |
| Firebase | security |
Language Selections
| Selection | Categories Added |
|---|---|
| HTML | html, security |
| CSS | css, performance |
| JavaScript | nodejs, ai-specific |
| TypeScript | typescript, ai-specific |
| Python | python |
Framework Selections
| Selection | Categories Added |
|---|---|
| React | react, ai-specific |
| Vue | vue |
| Next.js | nextjs, react |
Git Provider Selections
| Selection | Categories Added |
|---|---|
| GitHub | git |
| GitLab | git |
| Bitbucket | git |
Deploy Platform Selections
| Selection | Categories Added |
|---|---|
| Docker | docker, security |
| AWS | security, docker |
| Vercel | nextjs, security |
| GCP | security, docker |
| Azure | security, docker |
| Dokploy | docker, security |
| Netlify | security |
| Heroku | docker, nodejs |
Universal Categories
These categories are always included regardless of stack selection:
security— Security rules apply to every projectai-specific— AI-related rules apply to all AI-assisted development
Always-Active Rules
Some rules bypass the stack/category system entirely and apply to all users. These are marked with alwaysActive: true in the template.
Currently, the AI Errors category contains always-active rules that detect common AI coding mistakes.
Always-active rules:
- Cannot be disabled by users
- Are not affected by stack selection
- Are deduplicated if they overlap with a user's stack categories
Template Sync
Rule templates are stored in the Global database on each MongoDB cluster. The rule-sync-watcher service ensures templates are synchronized between the source of truth and both regional clusters (US and EU).
Disabling Templates
Users can disable specific templates without removing them:
- The disabled template ID is added to the user's
disabledTemplatesarray - During rule resolution, disabled template IDs are excluded
- Templates can be re-enabled from the Rules page
Custom Rules (Enterprise)
Enterprise users can create custom rules with:
- Custom conditions (field + operator + value)
- Any severity level
- Any category label
- Custom fix time estimate
Custom rules are stored in the user_rules collection and loaded alongside template rules during event processing.
Pattern to Conditions Conversion
Templates can define rules using a pattern field (simpler syntax) or conditions array (full control). The Tasks service converts patterns to conditions at cache-load time:
- Plain text pattern →
{ field: 'toolInput', operator: 'contains', value: pattern } - Regex pattern →
{ field: 'toolInput', operator: 'regex', value: pattern } - No pattern →
{ field: 'toolInput', operator: 'contains', value: name.toLowerCase() }
See Also
- Matching — How conditions are evaluated
- Notifications — Alert delivery for violations
- Rules Dashboard — UI for browsing rules
- Feature Gating — Plan restrictions on rules