Qodo Best Practices

Rules, Reviews, and Governance at Scale

— Sri Rang, Solutions Architect @ Qodo

8 Best Practices

  1. Rules — Enforce coding standards per-repo
  2. PR Findings Sync — Persist findings for analytics
  3. Incremental vs Full Re-Review — Review only what changed
  4. Draft PRs — Suppress noise while WIP
  5. Compliance at Merge — Silent audit on every merge
  6. Verifiable Work Items — Good acceptance criteria = good review
  7. Auto-Generate Descriptions — Structure every PR automatically
  8. Chat Agent — Follow-up without leaving ADO

1. Rules

Enforce Team Standards on Every PR

Rules — Two Sources

Repo Rules
.qodo/rules.yaml

Per-repo, version-controlled
alongside the code

Platform Rules
Qodo Console

Org-wide governance
overrides repo rules

Repo Rules — The YAML File

- title: "Work item must be linked in the PR description"
  objective: "Ensure every PR is traceable to a work item"
  success_criteria: "PR description contains AB#1234"
  failure_criteria: "No AB# reference found in the PR description"
  compliance_label: true
  category: "traceability"
  external_id: "ORG-POLICY-001"

- title: "No secrets or connection strings in committed code"
  compliance_label: true
  category: "security"
  severity: "critical"
  external_id: "ORG-POLICY-002"

Repo Rules — Wire It Up

.pr_agent.toml:

[config]
add_repo_metadata = true
add_repo_metadata_file_list = [".qodo/rules.yaml"]

On the next PR, Qodo:

  1. Reads .qodo/rules.yaml (no LLM step)
  2. Evaluates each rule against the diff
  3. Reports violations in the review comment

Repo Rules — Key Constraints

Constraint | Detail
File must end in .yaml or .yml | .json, .toml, .md not picked up
YAML list at the top level | Dict at root → skipped with warning
title is the only required field | All other fields default
compliance_label: true adds a blocking label | Defaults to false
enable_rules_platform: true overrides file rules | Platform rules replace repo rules entirely
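
A pre-merge lint for the constraints above, as an added example (not Qodo's own code): it checks a rules file's extension, root type and required field, and lists which rules would add a blocking label. The name `lint_rules`, its return shape, the sample rules and the strict boolean check on compliance_label are assumptions of this example.

```ruby
require "yaml"

# Constraints come from the table above; names and messages are this example's own.
ALLOWED_EXT = %w[.yaml .yml].freeze

# Constructed samples: a valid top-level list, and a dict-at-root mistake.
SAMPLE_OK = <<~YAML
  - title: "No secrets or connection strings in committed code"
    compliance_label: true
    severity: "critical"
  - title: "Prefer small PRs"
YAML
SAMPLE_DICT = <<~YAML
  rules:
    - title: "Nested under a key, so the root is a dict"
YAML

def lint_rules(path, text)
  errors = []
  unless ALLOWED_EXT.include?(File.extname(path).downcase)
    errors << "#{path}: extension must be .yaml or .yml, file would not be picked up"
  end
  begin
    doc = YAML.safe_load(text) # safe_load refuses arbitrary object deserialization
  rescue Psych::Exception => e
    return { errors: errors + ["#{path}: invalid YAML (#{e.message})"], blocking: [] }
  end
  unless doc.is_a?(Array)
    errors << "#{path}: top level must be a YAML list, got #{doc.class}; file would be skipped"
    return { errors: errors, blocking: [] }
  end
  blocking = []
  doc.each_with_index do |rule, i|
    unless rule.is_a?(Hash) && rule["title"].is_a?(String) && !rule["title"].strip.empty?
      errors << "#{path}: rule #{i + 1} has no title (the only required field)"
      next
    end
    label = rule.fetch("compliance_label", false) # documented default is false
    # Assumption: the flag must be a real boolean, so a quoted "true" is flagged.
    unless [true, false].include?(label)
      errors << "#{path}: rule '#{rule["title"]}' compliance_label must be true or false"
      next
    end
    blocking << rule["title"] if label
  end
  { errors: errors, blocking: blocking }
end

p lint_rules(".qodo/rules.yaml", SAMPLE_DICT) if __FILE__ == $PROGRAM_NAME
```
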

Platform Rules — Org-Wide Governance

flowchart LR
  subgraph Org["Engineering Org"]
    Devs["Developers\n(all)"]
    A1(["Engineering Leads"])
    A2(["Security + Compliance"])
  end
  Console[("Qodo Console\nPlatform Rules")]
  subgraph Repos["All Repositories"]
    R1["Repo A"]
    R2["Repo B"]
    R3["Repo C"]
  end
  A1 -->|"define & manage"| Console
  A2 -->|"define & manage"| Console
  Console -->|"enforced on every PR"| R1
  Console -->|"enforced on every PR"| R2
  Console -->|"enforced on every PR"| R3
  classDef admin fill:#6b21a8,stroke:#4c1d95,color:#fff
  classDef dev fill:#e2e8f0,stroke:#94a3b8,color:#334155
  classDef console fill:#7c3aed,stroke:#5b21b6,color:#fff
  classDef repo fill:#dbeafe,stroke:#3b82f6,color:#1e3a5f
  class A1,A2 admin
  class Devs dev
  class Console console
  class R1,R2,R3 repo

Platform Rules — Rules via Platform


Platform Rules — Metrics: Rules & Findings