Qodo Get Rules
Pull Qodo coding rules ranked for your task so the agent applies ERROR, WARNING, and RECOMMENDATION constraints during generation.
Overview
Qodo Get Rules is an agent skill most often used in Build (also Ship) that loads severity-ranked Qodo rules via search so code generation follows your team’s constraints.
Install
npx skills add https://github.com/qodo-ai/qodo-skills --skill qodo-get-rulesWhat is this skill?
- Formats output as Qodo Rules Loaded with ranked rule count and severity legend
- Each rule line: name, ERROR|WARNING|RECOMMENDATION, and content snippet
- Empty search returns a valid no-constraints message without failing the session
- Query generation guidelines stress topic plus cross-cutting searches for relevance
- Closing --- separator standardizes handoff into subsequent code generation
- 3 severity levels: ERROR, WARNING, RECOMMENDATION
Adoption & trust: 2.1k installs on skills.sh; 37 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your agent ships patches that violate security and architecture rules because no ranked rule context loads before codegen starts.
Who is it for?
Solo and small teams already on Qodo who want agent-driven edits to respect the same searchable rule set as their IDE workflow.
Skip if: Builders without Qodo access, pure copy or SEO tasks, or repos that rely solely on ad-hoc CLAUDE.md bullets with no Qodo index.
When should I use this skill?
Starting a coding or refactor task in a Qodo-enabled repo when you need ranked rules injected before generation.
What do I get? / Deliverables
The session starts with a Qodo Rules Loaded block listing ERROR, WARNING, and RECOMMENDATION items to apply during the next implementation or refactor pass.
- Qodo Rules Loaded markdown block
- Ranked rule list with severities
- Documented empty-result fallback
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Rule loading sits where agents write and refactor code daily—before and during implementation—not only at post-merge review. It wires agent sessions to Qodo’s /rules/search endpoint as procedural knowledge, which is agent-tooling rather than a human-only review checklist.
Where it fits
Run get-rules with a topic query before the agent scaffolds a new API module so credential and logging ERROR rules apply.
Refresh rules mid-task when pivoting from UI work to payment integration so cross-cutting security rules resurface.
Load rules immediately before a guided refactor PR so WARNING-level patterns match what Qodo will flag in review.
Prioritize ERROR severity hits about secrets and auth before merging a hotfix branch.
How it compares
Qodo search integration for pre-codegen constraints—not a standalone static linter config or marketing copy skill.
Common Questions / FAQ
Who is qodo-get-rules for?
Developers using Qodo with AI coding agents who need automatic rule retrieval keyed to the current task topic and cross-cutting policies.
When should I use qodo-get-rules?
At build time before implementing a feature or fixing bugs; at ship time before large refactors or security-sensitive changes when you want rules loaded first.
Is qodo-get-rules safe to install?
It invokes Qodo rule search over the network; review the Security Audits panel on this Prism page and confirm what code context your queries may expose.
SKILL.md
READMESKILL.md - Qodo Get Rules
# Formatting and Outputting Rules ## Output Structure Print the following header: ``` # 📋 Qodo Rules Loaded Search queries: `{TOPIC_QUERY_NAME}` + `{CROSS_CUTTING_QUERY_NAME}` Rules loaded: **{TOTAL_RULES}** (ranked by relevance to your task) These rules must be applied during code generation based on severity: ``` ## Rules List List rules in the order returned (ranked by relevance — most relevant first). Each rule uses this format: ``` - **{name}** [{SEVERITY}]: {content} ``` Where `{SEVERITY}` is one of: `ERROR`, `WARNING`, or `RECOMMENDATION`. **Example:** ``` - **No Hardcoded Credentials** [ERROR]: Credentials, API keys, and tokens must not appear in source code; use environment variables or a secrets manager instead. - **Structured Logging Required** [WARNING]: All log statements must use structured logging with key-value pairs; avoid string interpolation in log messages. - **Repository Pattern** [RECOMMENDATION]: Service layer should delegate data access to a dedicated repository class rather than calling the ORM directly. ``` ## Empty Result If no rules were returned, output: ``` # 📋 Qodo Rules Loaded No relevant rules found for this task. Proceeding without rule constraints. --- ``` Do **not** crash or error — an empty result is valid. ## Closing Separator End all output (rules found or not) with `---`. # Query Generation Guidelines The search query is the most important input to the `/rules/search` endpoint. A well-formed query retrieves rules that are genuinely applicable to the task; a generic query returns irrelevant or noisy rules. ## Strategy The search uses **embedding-based retrieval** where every rule is indexed as a vector of: ``` Name: {rule name} Category: {rule category} Content: {rule content} ``` To maximize semantic alignment between the query and the stored rule vectors, the search query must mirror this exact structure. A structured query aligns on **all three dimensions** (name, category, content) rather than collapsing the signal into a single sentence. ### Field guidelines - **Name**: Think of it as "what rule would apply here?" Write a concise 5-10 word title describing the rule this coding assignment would trigger. - **Category**: Choose the single most relevant category from the available values: - `Security` — authentication, authorization, injection, secrets, encryption, token validation, access control, privilege escalation, CSRF, XSS - `Correctness` — logic errors, null handling, off-by-one, type safety, incorrect computation, wrong conditional, missing guard, data corruption - `Quality` — code style, naming, readability, maintainability, dead code, code duplication, comment quality, magic numbers, overly complex logic, formatting - `Reliability` — error handling, retries, graceful degradation, timeouts, circuit breakers, fault tolerance, service availability, idempotency, recovery - `Performance` — latency, caching, memory, query optimization, batching, N+1 queries, connection pooling, unnecessary computation, scalability - `Testability` — test coverage, mocking, test structure, assertions, test isolation, test data, parameterized tests, fixture management - `Compliance` — licensing, regulatory, data retention, audit trails, GDPR, PII handling, data classification, policy enforcement - `Accessibility` — WCAG, ARIA, screen readers, keyboard navigation, color contrast, focus management, semantic HTML - `Observability` — logging, metrics, tracing, alerting, monitoring, instrumentation, dashboards, distributed tracing, log levels, error reporting - `Architecture` — layering, coupling, module boundaries, API design, dependency direction, separation of concerns, package structure, interface design, service decomposition, domain modeling **Tie-breaking:** When an assignment spans multiple categories, prefer `Security` if security is one of the candidates (security rules have the highest impact if missed). Otherwise prefer the category that descr