⚙️ Overriding Review Rules
📌 Introduction
This section describes the basic principles of redefining the built-in prompt of the tool. This can be used to create your own rules during review.
⚠️ Be careful — when you override the rules, you override the entire prompt, including all review logic, output format, and tool permissions.
⚠️ Important! When you override settings, you must override all settings at once: the prompt, allowed tools, and disallowed tools. You do this by specifying the
OPTIONS_TYPEvariable in the Bitbucket pipeline config.
🔀 Override Methods
📁 Method 1: Overriding via a folder
Set the OPTIONS_TYPE parameter to "folder" and create a .review/ folder in your repository with these 3 files:
my-project/
├── .review/
│ ├── PROMPT.md
│ ├── ALLOWED_TOOLS.md
│ └── DISALLOWED_TOOLS.md
├── src/
└── ...
Bitbucket example:
definitions:
steps:
- step: &ai-review-step
clone:
depth: full
name: AI Code Review
max-time: 40
image: code.wynenterprise.io/docker/bitbucket-ai-review:{your team value}
runs-on: [kodo]
script:
- |
COMMIT_MSG=$(git log --format=%B -n 1 "$BITBUCKET_COMMIT")
if [[ "$COMMIT_MSG" == *"[no ai]"* ]]; then
echo "Skip pipeline: [no ai] found in commit message."
exit 0
fi
export VCS_ACCESS_TOKEN=$CC_KODOTOKEN
export ATLASSIAN_USER_EMAIL=$CC_KODOMAIL
export TEAM_NAME=$CC_TEAM
export OPTIONS_TYPE="folder"
/pipe.sh
pipelines:
pull-requests:
'**':
- step: *ai-review-step
custom:
ai-review:
- step: *ai-review-step
1.1. Example content for PROMPT.md, ALLOWED_TOOLS.md and DISALLOWED_TOOLS.md files
Take a look at these examples of custom settings for a specific domain:
- 📝 Template: Technical Writing & Documentation — grammar, clarity, structure, and content quality for docs and articles
- 🔒 Template: Security Review — vulnerabilities, unsafe patterns, OWASP Top 10, secrets exposure
- ⚡ Template: Performance Review — bottlenecks, N+1 queries, memory leaks, algorithmic complexity
Each template page contains a ready-to-use prompt, allowed tools list, and disallowed tools list, along with usage examples for both override methods.
📋 Method 2: Overriding via script arguments
Set the OPTIONS_TYPE parameter to "arguments" and pass the following three parameters directly in the pipeline config:
| Parameter | Description | Required |
|---|---|---|
CC_PROMPT |
New prompt for review | Yes |
CC_ALLOWED_TOOL |
List of allowed tools for the AI agent | Yes |
CC_DISALLOWED_TOOL |
List of disallowed tools for the AI agent | Yes |
Bitbucket action example:
definitions:
steps:
- step: &ai-review-step
clone:
depth: full
name: AI Code Review
max-time: 40
image: code.wynenterprise.io/docker/bitbucket-ai-review:{your team value}
runs-on: [kodo]
script:
- |
COMMIT_MSG=$(git log --format=%B -n 1 "$BITBUCKET_COMMIT")
if [[ "$COMMIT_MSG" == *"[no ai]"* ]]; then
echo "Skip pipeline: [no ai] found in commit message."
exit 0
fi
export VCS_ACCESS_TOKEN=$CC_KODOTOKEN
export ATLASSIAN_USER_EMAIL=$CC_KODOMAIL
export TEAM_NAME=$CC_TEAM
export CC_PROMPT="New review rules for AI agent"
export CC_ALLOWED_TOOL="List of allowed tools for AI agent"
export CC_DISALLOWED_TOOL="List of disallowed tools for AI agent"
export OPTIONS_TYPE="arguments"
/pipe.sh
pipelines:
pull-requests:
'**':
- step: *ai-review-step
custom:
ai-review:
- step: *ai-review-step
Replace the values of CC_PROMPT, CC_ALLOWED_TOOL and CC_DISALLOWED_TOOL with your actual content.
2.1. Example content for CC_PROMPT, CC_ALLOWED_TOOL and CC_DISALLOWED_TOOL variables
- 📝 Template: Technical Writing & Documentation — grammar, clarity, structure, and content quality for docs and articles
- 🔒 Template: Security Review — vulnerabilities, unsafe patterns, OWASP Top 10, secrets exposure
- ⚡ Template: Performance Review — bottlenecks, N+1 queries, memory leaks, algorithmic complexity
⚠️ Important Limitations
✅ Value for the CC_ALLOWED_TOOL variable and the ALLOWED_TOOLS.md file
The list of allowed tools must always include the following:
mcp__serena, mcp__bitbucket__bb_get_pr, mcp__bitbucket__bb_get_file,
mcp__bitbucket__bb_ls_pr_comments, mcp__bitbucket__bb_add_pr_comment,
mcp__bitbucket__bb_update_pr_comment, mcp__bitbucket__bb_delete_pr_comment,
mcp__bitbucket__bb_approve_pr, mcp__bitbucket__bb_reject_pr,
mcp__bitbucket__bb_get_commit_history, mcp__bitbucket__bb_list_branches,
mcp__bitbucket__bb_search
You can expand it by adding your own, but we do not recommend removing anything from it.
✅ Value for the CC_DISALLOWED_TOOL variable and the DISALLOWED_TOOLS.md file
The list of disallowed tools must always include the following:
WebSearch, Bash(git diff:*), Bash(git push:*), Bash(rm:*), Bash(git diff:*)
You can expand it by adding your own, but we do not recommend removing anything from it.
🤖 Kodo AI Reviewer
📚 Gitea
👩💻 Developer
🧑🔧 Tech Lead
- CI/CD Integration
- Extension of Existing Review Rules
- Overriding Review Rules
- Troubleshooting
- Configuration and Parameters
📚 Bitbucket
👩💻 Developer
🧑🔧 Tech Lead
- CI/CD Integration
- Extension of Existing Review Rules
- Overriding Review Rules
- Troubleshooting
- Configuration and Parameters