Built-in rules
FlowForge v3 ships with eight built-in rules. Each rule is a small, focused check with a default severity and, in some cases, configurable options. This page is the catalog. For an introduction to how rules fit into the broader FlowForge model, see Core Concepts > Rules. For the configuration shape (the rules.extends and rules.overrides keys), see the config.yml schema.
Override syntax
Section titled “Override syntax”Every rule below can be customized through the rules.overrides map in .flowforge/config.yml. The override entry has two optional fields:
rules: overrides: <rule-name>: severity: error | warning | info | off # replaces defaultSeverity options: <option-name>: <value> # rule-specificSetting severity: off disables a rule entirely. Omitting severity leaves the rule on its built-in default. options are passed through to the rule and only consulted when the rule documents that option.
Rule catalog
Section titled “Rule catalog”The table below summarizes every rule. Detailed documentation for each follows.
| Rule | Default severity | Controlled by / Reference |
|---|---|---|
max-file-lines | error | standards.maxFileLines |
max-function-lines | warning | standards.maxFunctionLines |
no-console-log | warning | Best practice |
branch-protection | error | FlowForge Rule #18 — no direct work on main/develop |
commit-message-format | error | FlowForge Rule #34 — Conventional Commits |
ticket-reference | warning | FlowForge Rule #5 — no work without a ticket |
no-ai-references | error | FlowForge Rule #33 — no AI references in commits or source |
jsdoc-required | warning | Best practice |
max-file-lines
Section titled “max-file-lines”| Attribute | Value |
|---|---|
| Default severity | error |
| Reads from | standards.maxFileLines |
| Skips | Test files (*.test.*, *.spec.*) |
| File extensions | .ts, .tsx, .js, .jsx, .py, .go, .java, .rb, .cs |
Ensures no source file exceeds the configured maximum line count (default: 700). Test files are exempt from this check, on the principle that long table-driven tests are expected and refactoring them does not improve readability the way splitting a 1,200-line module does.
The line count is read directly from standards.maxFileLines. Adjusting the limit is therefore done in the standards section, not via a per-rule option:
standards: maxFileLines: 900 # raise the ceiling project-widerules: overrides: max-file-lines: severity: warning # demote from error to warningConfigurable options.
This rule has no rule-level options. Use standards.maxFileLines to change the limit and the override severity field to change the severity.
max-function-lines
Section titled “max-function-lines”| Attribute | Value |
|---|---|
| Default severity | warning |
| Reads from | standards.maxFunctionLines |
| Skips | Test files (*.test.*, *.spec.*) |
| File extensions | .ts, .tsx, .js, .jsx |
Ensures functions do not exceed the configured maximum line count (default: 50). The detector uses brace-depth tracking to find function boundaries; nested functions are tracked independently so a long outer function does not mask a long inner one.
standards: maxFunctionLines: 75 # raise the ceiling project-wideConfigurable options.
This rule has no rule-level options. Use standards.maxFunctionLines to change the limit and the override severity field to change the severity.
no-console-log
Section titled “no-console-log”| Attribute | Value |
|---|---|
| Default severity | warning |
| File extensions | .ts, .tsx, .js, .jsx |
| Skips | Test files (*.test.*, *.spec.*) |
Detects console.log statements in production source files. Other console methods (console.warn, console.error, and the rest) are intentionally allowed — only console.log is flagged as the canonical “I forgot to remove my debug print” pattern.
The detector parses each line so that console.log references inside string literals, template literals, and comments are not flagged. A real call must be present in code to trigger a violation.
Configurable options.
This rule has no rule-level options. Override its severity to change behavior. To promote to a hard error:
rules: overrides: no-console-log: severity: errorTo disable entirely (for projects where console.log is the primary output, e.g., CLI tools):
rules: overrides: no-console-log: severity: offbranch-protection
Section titled “branch-protection”| Attribute | Value |
|---|---|
| Default severity | error |
| FlowForge Rule | #18 (never work on main/develop) |
| Default branches | main, master, develop |
Prevents direct work on protected branches. By default, main, master, and develop are protected. Custom protected branches can be added via rule override options — they are merged with the defaults rather than replacing them.
This rule enforces FlowForge Rule #18, which states that all work happens on feature branches and that protected branches are advanced only via reviewed pull requests.
Configurable options.
| Option | Type | Default | Description |
|---|---|---|---|
protectedBranches | string[] | [] | Additional branch names to protect. Merged with the built-in defaults. |
rules: overrides: branch-protection: severity: error options: protectedBranches: - release/* - hotfix/* - productioncommit-message-format
Section titled “commit-message-format”| Attribute | Value |
|---|---|
| Default severity | error |
| Reads from | standards.commitFormat |
| Active when | standards.commitFormat is conventional and a commit is in scope |
Validates that commit messages follow the Conventional Commits format: type(scope): description or type: description, with an optional ! for breaking-change markers.
Recognized commit types are: feat, fix, chore, docs, style, refactor, perf, test, ci, build, revert.
The rule is skipped entirely when no commit message is in scope (for example, when running rules outside a commit context) or when standards.commitFormat is set to simple.
Configurable options.
This rule has no rule-level options. Switch standards.commitFormat between conventional and simple in the Standards section to change the format the rule enforces.
standards: commitFormat: simple # disable conventional-commit validation project-wideticket-reference
Section titled “ticket-reference”| Attribute | Value |
|---|---|
| Default severity | warning |
| FlowForge Rule | #5 (no work without a valid ticket) |
Ensures every commit message references a ticket. Three ticket reference formats are recognized:
#123— GitHub-style issue referencesPROJ-123— Jira/Linear-style keys (uppercase prefix of two or more letters, dash, digits)[FF3-001]— bracket-wrapped uppercase-alphanumeric keys
The full commit message is scanned, not just the subject line. A reference anywhere in the message satisfies the rule. This makes it natural to pair the rule with the commit-message-format rule, which constrains the subject line shape.
Configurable options.
This rule has no rule-level options. Override its severity if your team treats ticket references as strict:
rules: overrides: ticket-reference: severity: errorno-ai-references
Section titled “no-ai-references”| Attribute | Value |
|---|---|
| Default severity | error |
| FlowForge Rule | #33 (no AI references in commits or source files) |
Blocks AI tool references in commit messages and source files. The rule scans:
- The full commit message (case-insensitive) for unambiguous AI-generation markers — for example
Co-authored-by: claude,Generated with ChatGPT,🤖 Generated with, and similar. - Staged JS/TS source files (excluding tests) for obvious AI-generation markers.
The list is intentionally conservative. Bare mentions of AI tool names (claude, gpt, openai, anthropic, and so on) are not blocked — those names appear legitimately in code as APIs, package names, and integration targets. Only attribution patterns (“co-authored by …”, “generated with/by …”) are flagged.
This rule enforces FlowForge Rule #33, which keeps the public git history professional. It does not prohibit using AI tools — only the convention of advertising them in commit metadata.
Configurable options.
This rule has no rule-level options. Override its severity if your project policy differs:
rules: overrides: no-ai-references: severity: warning # log but do not fail commitsjsdoc-required
Section titled “jsdoc-required”| Attribute | Value |
|---|---|
| Default severity | warning |
| File extensions | .ts, .tsx |
| Skips | Test files (*.test.*, *.spec.*) |
Requires JSDoc on exported declarations: export function, export default function, export const, export class, export abstract class, export default class, export interface, export type, and export enum. Bare re-exports (export default foo;) are intentionally not matched, on the assumption that they re-export an already-documented symbol.
The detector scans upward from each export line, skipping blank lines and TypeScript decorators, looking for a closing JSDoc marker. The block must start with /** (a regular /* ... */ block does not qualify).
Configurable options.
This rule has no rule-level options. Override its severity to make documentation a hard requirement:
rules: overrides: jsdoc-required: severity: errorDisabling a rule
Section titled “Disabling a rule”To turn a rule off entirely, set severity: off:
rules: overrides: no-console-log: severity: offA disabled rule is not run and produces no violations.
See also
Section titled “See also”- Core Concepts > Rules — how rules fit into FlowForge as a whole.
- config.yml schema — the full configuration shape.
- Standards — the thresholds that several rules read from.