Setup practices detection with the AI Agent
Understand how your custom practices can be detected in your IDE, your CI/CD pipelines and code reviews, using the Packmind AI Agent.
The Packmind AI Agent relies on AI to generate a deterministic program that detects violations of a coding practice (think of it as a custom ESLint rule, for instance, generated by AI).
To process a practice, the AI Agent will need at least:
A description of the practice (NB: in most cases it will be generated by Packmind AI).
A negative example.
As soon as a practice is validated, the AI Agent starts processing the practice.
The AI Agent defines a two-step workflow. You can configure and monitor it in the Detection tab when you open a practice.
Detection guidelines, generated first by the AI Agent, indicate how violations of the practice can be detected in source code using the code syntax. While the description of the practice focuses on explaining its intent, the guidelines only target the identification of its violations.
When guidelines are generated for the first time, a few unit tests are also generated. These help the AI Agent understand your practice (read more on unit tests below).
Keep in mind that you can edit both guidelines and unit tests at any time if you consider that some adjustments are needed.
Once guidelines are generated, and every time they are updated, the AI Agent runs a new program generation.
The program must meet the following requirements to be successful:
All negative examples (added manually, unit tests, or generated by Packmind AI) must be detected by the program.
All positive examples (added manually, unit tests, or generated by Packmind AI) must NOT be detected by the program.
Unit tests are code snippets that either contain or do not contain a violation of a coding practice. This helps to document common cases where violations should be detected or not. It's helpful for instance when you've identified a false positive and want to document why this case should not be detected as a violation.
Discover how to use unit tests in action:
When you open a practice, you'll find in the Detection tab a section called Detection Scope.
You can add one or several patterns both for inclusions and exclusions.
Packmind supports glob patterns. Here are some examples:
**/*.spec.ts
Match files ending with .spec.ts
**/*Controller*
Match files whose name contains Controller
**/infra/**/*.ts
Match .ts files under a directory named infra, directly or not (can be a sub-sub directory for instance)
**/infra/*.ts
Match .ts files directly under a directory named infra
apps/**/*
Match all files inside the root directory apps
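To see which files a set of inclusion and exclusion patterns leaves uncovered, the following added example (not Packmind code) evaluates the patterns above against a file list. It assumes common glob semantics and that exclusions take precedence over inclusions, which Packmind's own matcher may handle differently; `globToRegExp`, `inScope`, `outOfScope` and the sample paths are hypothetical.

```javascript
// Added example, not Packmind code. Assumed glob semantics:
//   "*"   matches any characters inside one path segment (never "/")
//   "**/" matches zero or more whole directories; a trailing "**" matches the rest
function globToRegExp(glob) {
  let re = '';
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === '*' && glob[i + 1] === '*') {
      if (glob[i + 2] === '/') {
        re += '(?:[^/]+/)*'; // "**/": any number of directories, including none
        i += 2;
      } else {
        re += '.*'; // trailing "**": anything, across directories
        i += 1;
      }
    } else if (c === '*') {
      re += '[^/]*';
    } else {
      re += c.replace(/[.+?^${}()|[\]\\]/g, '\\$&'); // escape regex metacharacters
    }
  }
  return new RegExp('^' + re + '$');
}

// In scope: matches at least one inclusion (or none are set) and no exclusion.
// Exclusions winning over inclusions is an assumption of this example.
function inScope(path, { include = [], exclude = [] }) {
  const hit = (globs) => globs.some((g) => globToRegExp(g).test(path));
  return (include.length === 0 || hit(include)) && !hit(exclude);
}

// Files the practice will never be checked on: review this list before
// trusting a scope, since an over-broad exclusion silently hides violations.
function outOfScope(files, scope) {
  return files.filter((f) => !inScope(f, scope));
}

// Constructed sample scope and repository listing.
const sampleScope = { include: ['apps/**/*', '**/infra/**/*.ts'], exclude: ['**/*.spec.ts'] };
const sampleFiles = [
  'apps/web/src/login.ts',
  'apps/web/src/login.spec.ts',
  'libs/infra/db/repo.ts',
  'libs/infra/README.md',
  'libs/core/crypto.ts',
];
console.log('Out of detection scope:', outOfScope(sampleFiles, sampleScope));
```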
If you cannot use AI in your context for compliance reasons, you can still use regular expressions or Semgrep patterns. Go to the Detection tab of a coding practice to open the configuration menu.
In the Practices section, a coding practice in Packmind has one of several detection statuses:
To configure: The practice has no detection configuration yet.
Disabled: The practice has been manually disabled for detection.
In progress: The AI Agent is currently generating a program to detect violations of the practice.
Failed: The AI Agent could not generate a program. You'll have to ensure your practice examples are fine, and refine the detection guidelines if needed.
Violations of practices are pushed to developers through 3 different channels:
In IDEs, thanks to our IDE extensions;
During code reviews, thanks to our web browser extensions;
When using the CLI, locally or in the CI/CD process.
Currently, the CLI supports two formatters for the output file:
The SonarQube generic format
The SARIF format (Static Analysis Results Interchange Format), which you can integrate with tools that support it.
Please reach out to us to suggest new formats.
The answer is simple: no. Source code is sent from our plugins or the CLI over a secure SSL connection, and once our engine has analyzed the code, it is not stored in our database. The database only stores source code related to a best practice description.
Ensure the detection guidelines and unit tests are correct, and don't hesitate to be super accurate.
Configured: The practice can be detected for violations.