Setup practices detection with the AI Agent
Understand how your custom practices can be detected in your IDE, your CI/CD pipelines and code reviews, using the Packmind AI Agent.
The Packmind AI Agent relies on AI to generate a deterministic program that detects violations of a coding practice. (Think of it as a custom ESLint rule, for instance, generated by AI.)
To process a practice, the AI Agent will need at least:
A description of the practice (NB: in most cases this is generated by Packmind AI)
A negative example.
As soon as a practice is validated, the AI Agent starts processing the practice.
The AI Agent defines a two-step workflow. You can configure and monitor it in the Detection tab when you open a practice.
First make sure AI is enabled in your Packmind organization to benefit from this.
Detection guidelines, generated first by the AI Agent, indicate how violations of the practice can be detected in source code using the code syntax. While the description of the practice focuses on explaining its intent, the guidelines only target the identification of its violations.
Guidelines include additional positive and negative examples that represent generic compliant and non-compliant cases. These help the AI Agent understand your practice.
Keep in mind that you can edit them at any time if you consider that some adjustments are needed.
Once guidelines are generated, and every time they are updated, the AI Agent runs a new program generation.
The program must meet the following requirements to be successful:
All negative examples (either added manually or generated by Packmind AI in the Guidelines) must be detected by the program.
All positive examples (either added manually or generated by Packmind AI in the Guidelines) must NOT be detected by the program.
If the AI Agent fails at generating a program:
Ensure that negative examples and positive examples are valid
When you open a practice, you'll find in the Detection tab a section called Detection Scope.
You can add one or several patterns both for inclusions and exclusions.
Inclusions and exclusions work as a whitelist and a blacklist, respectively. When both are defined, the blacklist always takes precedence.
Packmind supports glob patterns. Here are some examples:
**/*.spec.ts
Match files ending with .spec.ts
**/*Controller*
Match files whose name contains Controller
**/infra/**/*.ts
Match .ts files under a directory named infra, directly or not (can be a sub-sub directory for instance)
**/infra/*.ts
Match .ts files directly under a directory named infra
apps/**/*
Match all files inside the root directory apps
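The sketch below is an added example, not Packmind code: it shows how an inclusion list and an exclusion list combine, with exclusions winning, so you can check which files a scope leaves unchecked. The glob-to-regex conversion approximates common glob semantics, and the scope, the file paths and the "empty inclusion list means all files" behaviour are assumptions.

```javascript
// Added example: approximates common glob semantics, not Packmind's matcher.
function globToRegExp(glob) {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === "*" && glob[i + 1] === "*") {
      if (glob[i + 2] === "/") {
        re += "(?:[^/]+/)*"; // "**/" matches zero or more whole directories
        i += 2;
      } else {
        re += ".*"; // bare "**" matches anything, across directories
        i += 1;
      }
    } else if (c === "*") {
      re += "[^/]*"; // "*" never crosses a "/" boundary
    } else {
      re += c.replace(/[.+?^${}()|[\]\\]/g, "\\$&"); // escape regex metacharacters
    }
  }
  return new RegExp("^" + re + "$");
}

// Exclusions are evaluated first, so they always take precedence.
// Assumption: an empty inclusion list means "every file is a candidate".
function inScope(path, { include = [], exclude = [] }) {
  const hit = (globs) => globs.some((g) => globToRegExp(g).test(path));
  if (hit(exclude)) return false;
  return include.length === 0 || hit(include);
}

// Constructed scope and file list, for illustration only.
const scope = {
  include: ["apps/**/*", "**/infra/**/*.ts"],
  exclude: ["**/*.spec.ts"],
};
const files = [
  "apps/api/src/UserController.ts",
  "apps/api/src/UserController.spec.ts",
  "libs/billing/infra/db/repo.ts",
  "libs/billing/infra/repo.spec.ts",
  "libs/billing/domain/invoice.ts",
];

for (const f of files) {
  console.log(inScope(f, scope) ? "checked " : "skipped ", f);
}
```

Running a dry check like this over your repository file list makes an over-broad exclusion visible before it silently removes files from detection.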
If you cannot use AI in your context for compliance reasons, you can still use regular expressions or Semgrep patterns. Go to the Detection tab of a coding practice to open the configuration menu.
In the Practices section, a coding practice in Packmind has one of several detection statuses:
To configure: The practice has no detection configuration yet.
Disabled: The practice has been manually disabled for detection.
In progress: The AI Agent is currently generating a program to detect violations of the practice.
Failed: The AI Agent did not succeed in generating a program. You'll have to ensure your practice examples are fine, and refine the detection guidelines if needed.
Violations of practices are pushed to developers through 3 different channels:
In IDEs, thanks to our IDE extensions;
During code reviews, thanks to our web browser extensions;
When using the CLI, locally or in the CI/CD process.
Currently, the CLI supports two formatters for the output file:
The SonarQube generic format
The SARIF format (Static Analysis Results Interchange Format), which you can integrate with tools that support it
Please reach out to us to suggest new formats.
The answer is simple: no. Source code is sent through our plugins or the CLI through a secure SSL connection, but once our engine has analyzed the code, it's just not stored at all in our database. The database only stores source code related to a best practice description.
Ensure the detection guidelines are correct; don't hesitate to be very precise.
Configured: Violations of the practice can be detected.