PR/Code Review

Lesson 3 of 5

Configuring Review Rules

Estimated time: 8 minutes

Out of the box, OpenClaw catches common issues. But every team has its own standards — maybe you care deeply about error handling but not about line length, or you want to enforce specific patterns in your API layer. This lesson shows you how to customize the review rules.

    How Rules Work

      PR Diff                    Rule Engine                 Review Output
      ┌──────────────┐      ┌─────────────────┐      ┌──────────────────┐
      │ + function   │      │                 │      │ Line 42:         │
      │ +   fetch()  │─────>│  Built-in rules │─────>│ Missing error    │
      │ +   .then()  │      │  + Custom rules │      │ handling on      │
      │ +   return   │      │  + Ignore list  │      │ fetch() call     │
      └──────────────┘      └─────────────────┘      │ Severity: MEDIUM │
                                                      └──────────────────┘
    

    Rules are evaluated in order. Each rule has a severity level, and you can configure which severities block merging.

    Understand Rule Categories

    OpenClaw ships with five rule categories. Each is independently configurable.

    Category        What It Checks                                      Default
    security        Vulnerabilities, secrets, injection                 Enabled (HIGH)
    performance     N+1 queries, memory leaks, inefficient patterns     Enabled (MEDIUM)
    code_quality    Complexity, duplication, naming                     Enabled (LOW)
    error_handling  Missing try/catch, unhandled promises, null checks  Enabled (MEDIUM)
    documentation   Missing JSDoc, outdated comments, TODO tracking     Disabled

    Customize Rule Severity

    Adjust which categories matter and how much weight they carry.

    openclaw.config.yaml

    Start Permissive, Then Tighten

    New teams should start with only security as blocking. Once the team is comfortable with the AI's suggestions, gradually promote error_handling and performance to blocking. Going strict on day one leads to review fatigue and ignored comments.

    Add Custom Rules

    Define rules specific to your codebase. Custom rules use pattern matching and context analysis.

    openclaw.config.yaml

    Configure Ignore Rules

    Some files should never be reviewed. Configure ignore patterns to skip generated code, vendor files, and lock files.

    openclaw.config.yaml

    Inline Suppression

    For one-off exceptions, add // openclaw-ignore on the line above the code. OpenClaw skips that line. Use sparingly — frequent suppression comments are a code smell themselves.
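
The pipeline this lesson describes (ignore patterns, ordered rules with severities, inline suppression, and merge-blocking severities), modelled as an added JavaScript example. It is not OpenClaw's code or configuration schema: the rule objects, regexes, `reviewDiff` and the suppressed-finding counter are assumptions made for illustration, and the sample PR is constructed.

```javascript
// Illustrative model, not OpenClaw's engine or config schema; all names are hypothetical.
// Rules run in array order; each carries a category and a severity.
const rules = [
  { id: "hardcoded-secret", category: "security", severity: "HIGH",
    test: (line) => /(api[_-]?key|password)\s*[:=]\s*["'][^"']+["']/i.test(line) },
  { id: "unhandled-fetch", category: "error_handling", severity: "MEDIUM",
    test: (line) => /\bfetch\(/.test(line) && !/\.catch\(/.test(line) },
];

// Ignore list: generated code, vendor files and lock files are never reviewed.
const ignorePatterns = [/^vendor\//, /\.generated\.js$/, /(^|\/)package-lock\.json$/];
const SUPPRESS = /\/\/\s*openclaw-ignore\b/;

function reviewDiff(files, blockingSeverities) {
  const findings = [];
  let suppressed = 0; // counted so frequent suppression stays visible
  for (const { path, addedLines } of files) {
    if (ignorePatterns.some((re) => re.test(path))) continue;
    addedLines.forEach(({ number, text }, i) => {
      const prev = addedLines[i - 1];
      // Assumption: the marker must sit on the added line directly above.
      const skip = Boolean(prev) && prev.number === number - 1 && SUPPRESS.test(prev.text);
      for (const rule of rules) {
        if (!rule.test(text)) continue;
        if (skip) { suppressed += 1; continue; }
        findings.push({ path, line: number, rule: rule.id, severity: rule.severity });
      }
    });
  }
  // A merge is blocked only by findings whose severity is configured as blocking.
  const blocksMerge = findings.some((f) => blockingSeverities.includes(f.severity));
  return { findings, suppressed, blocksMerge };
}

// Constructed sample PR (added lines only).
const samplePr = [
  { path: "src/api/users.js", addedLines: [
    { number: 41, text: "function loadUser(id) {" },
    { number: 42, text: "  return fetch(`/users/${id}`).then((r) => r.json());" },
    { number: 43, text: "}" },
    { number: 50, text: "// openclaw-ignore" },
    { number: 51, text: "const password = \"example-only\";" },
  ] },
  { path: "vendor/lib.js", addedLines: [{ number: 1, text: "const apiKey = 'constructed';" }] },
];

const permissive = reviewDiff(samplePr, ["HIGH"]);         // security-only blocking
const strict = reviewDiff(samplePr, ["HIGH", "MEDIUM"]);   // error_handling promoted
console.log(permissive.findings, permissive.suppressed, permissive.blocksMerge, strict.blocksMerge);
```

With only HIGH blocking, the fetch finding is advisory; promoting MEDIUM makes the same PR fail. The suppressed secret on line 51 never reaches the blocking decision in either mode, which is why the model counts suppressions.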

    Test Your Rules

    Run your rules against an existing PR to validate they work as expected.

    Terminal

        openclaw code-review test-rules --repo my-app --pr 42 --dry-run

    Dry Run Output

    OpenClaw includes built-in rule packs for popular frameworks. Enable them for more targeted analysis.

    Language packs

    Each pack adds 10-30 rules specific to that framework. They're maintained by the OpenClaw community and updated regularly.

    Different repos can have different rules. Override at the repository level.

    Per-repo overrides

    Knowledge Check

    Why should new teams start with only security rules as merge-blocking?