code-contractor-app
GitHub App
Managing pull requests at scale can be challenging.
Large, untested, or mis-scoped changes often slip through review and introduce unnecessary risk.
Code Contractor helps your team prevent these issues early by automatically validating pull requests against clearly defined rules.
It enforces size limits, file scope boundaries, and quality standards, ensuring that every review starts from a reliable foundation.
contract.yml: Define your team's standards in YAML
version: 2
validation:
  limits:
    max_total_changed_lines: 500   # Keep PRs reviewable
    max_files_changed: 20
  scope:
    deny_paths:
      - "src/legacy/**"            # Protect legacy code
      - "*.production.*"           # Protect prod configs
      - "**/secrets.*"             # Block secrets
  ai:
    rules:
      - name: security_check
        prompt: "Flag secrets, SQL injection, XSS"
        severity: error
      - name: test_coverage
        prompt: "Ensure new code includes tests"
        severity: warning

When a pull request does not meet these standards, Code Contractor provides a detailed validation report:
❌ Code Contractor Validation Result
------------------------------------
Statistics:
  Files Changed: 23
  Lines Added: 520
  Lines Deleted: 95
  Total Changed: 615
  Delete Ratio: 0.15 (15%)
  Status: FAILED ❌
------------------------------------
Validation Rules:
  ✅ deny_paths - Checked 23 file(s)
  ❌ max_total_changed_lines - 615 > 500
  ❌ security_check - Issues found
  ⚠️ test_coverage - Tests missing
------------------------------------
⚠️ Violations Found (3):
  [ERROR] max_total_changed_lines
    Too many lines changed: 615 > 500
    Consider splitting this PR into smaller changes.
  [ERROR] security_check
    Hardcoded API key detected in src/api/client.ts:47
    SQL injection vulnerability in src/database/users.ts:103
  [WARNING] test_coverage
    New function calculateDiscount() has no tests

Setup requires no CI/CD integration.
Install the GitHub App, place contract.yml in your repository root, and Code Contractor will begin validating pull requests automatically.
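
A local sketch of the size and deny_paths checks that the contract above describes, added here as an example and not Code Contractor's own code. The glob semantics (`**` spans directories, `*` stays inside one path segment, a pattern without `/` is matched against the file name at any depth) and the names `validate`, `denied` and `SAMPLE_PR` are assumptions; this page does not document the app's actual matching rules.

```python
import re

# Limits and deny_paths copied from the contract.yml shown above.
CONTRACT = {
    "max_total_changed_lines": 500,
    "max_files_changed": 20,
    "deny_paths": ["src/legacy/**", "*.production.*", "**/secrets.*"],
}
# Assumed glob semantics: '**' crosses directories, '*' stops at '/'.
GLOB_TOKENS = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*"}

def glob_to_regex(pattern):
    parts = re.split(r"(\*\*/|\*\*|\*)", pattern)
    return re.compile("".join(GLOB_TOKENS.get(p, re.escape(p)) for p in parts))

def denied(path, patterns):
    """Return the first deny pattern that matches path, else None."""
    name = path.rsplit("/", 1)[-1]
    for p in patterns:
        # Assumption: a pattern without '/' applies to the file name at any depth.
        target = path if "/" in p else name
        if glob_to_regex(p).fullmatch(target):
            return p
    return None

def validate(changes, contract=CONTRACT):
    """changes: list of (path, lines_added, lines_deleted) -> violation strings."""
    violations = []
    total = sum(added + deleted for _, added, deleted in changes)
    if total > contract["max_total_changed_lines"]:
        limit = contract["max_total_changed_lines"]
        violations.append(f"max_total_changed_lines: {total} > {limit}")
    if len(changes) > contract["max_files_changed"]:
        limit = contract["max_files_changed"]
        violations.append(f"max_files_changed: {len(changes)} > {limit}")
    for path, _, _ in changes:
        hit = denied(path, contract["deny_paths"])
        if hit:
            violations.append(f"deny_paths: {path} matches {hit}")
    return violations

# Constructed sample pull request (not taken from the page).
SAMPLE_PR = [
    ("src/api/client.ts", 40, 5),
    ("config/app.production.json", 3, 1),
    ("deploy/secrets.env", 2, 0),
    ("secrets.yml", 1, 0),
    ("src/legacy/billing/old.ts", 10, 2),
]
if __name__ == "__main__":
    print("\n".join(validate(SAMPLE_PR)) or "PASSED")
```

If the app instead anchors slash-less patterns at the repository root, `*.production.*` would not cover `config/app.production.json`. Confirm the matching behaviour with a test pull request before relying on deny_paths to protect nested files.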
code-contractor-app is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.