Rules

alint ships 60 rule kinds across 13 families. Each rule is one entry in your .alint.yml under rules:.

By family

• Existence — 4 rules
• Content — 14 rules
• Structured query — 7 rules
• Naming — 2 rules
• Text hygiene — 6 rules
• Security / Unicode sanity — 3 rules
• Encoding — 1 rule
• Structure — 3 rules
• Portable metadata — 2 rules
• Unix metadata — 4 rules
• Git hygiene — 6 rules
• Cross-file — 7 rules
• Plugin (tier 1) — 1 rule

Alphabetical

• command — Shell out to an external CLI per matched file. (Plugin (tier 1))
• commented_out_code — Heuristic detector for blocks of commented-out source code (as opposed to prose comments, license headers, doc comments, or ASCII banners). (Git hygiene)
• dir_absent — Directory counterpart of file_absent. (Existence)
• dir_contains — Every directory matching select: must contain files matching every glob in require:. (Cross-file)
• dir_exists — Directory counterpart of file_exists. (Existence)
• dir_only_contains — Every direct-child file of a directory matching select: must match at least one glob in allow:. (Cross-file)
• every_matching_has — For every file or directory matching select:, every nested rule under require: must be satisfied. (Cross-file)
• executable_bit — Assert every file in scope either has the +x bit set (require: true) or does not (require: false). (Unix metadata)
• executable_has_shebang — Every file with +x set must begin with #!. (Unix metadata)
• file_absent — No file matching paths may exist in the walked tree. (Existence)
• file_content_forbidden — File contents must NOT match a regex. (Content)
• file_content_matches — File contents must contain at least one match for a regex. (Content)
• file_ends_with — Byte-level prefix / suffix check. (Content)
• file_exists — Every glob match in paths must correspond to a real file. (Existence)
• file_footer — Last lines lines of each file in scope must match a regex. (Content)
• file_hash — Content SHA-256 must equal the expected digest. (Content)
• file_header — The first N lines must match a regex (line-oriented). (Content)
• file_is_ascii — Every byte in the file must be < 0x80. (Content)
• file_is_text — Content is detected as text (magic bytes + UTF-8 validity check) — fails on binary files matched by paths. (Content)
• file_max_lines — File must have at most max_lines lines, using the same accounting as file_min_lines. (Content)
• file_max_size — File must be at most max_bytes in size. (Content)
• file_min_lines — File must have at least min_lines lines (\n-terminated, with an unterminated trailing segment counting as one more — wc -l semantics). (Content)
• file_min_size — File must be at least min_bytes in size. (Content)
• file_shebang — First line of each file in scope must match the shebang regex. (Content)
• file_starts_with — Byte-level prefix / suffix check. (Content)
• filename_case — Basename (stem only or full) matches a case convention: snake, kebab, pascal, camel, screaming-snake, flat, lower, upper. (Naming)
• filename_regex — Basename matches a regex. (Naming)
• final_newline — File must end with a single \n. (Text hygiene)
• for_each_dir — For every matching directory / file, evaluate a nested require: block with the entry as context. (Cross-file)
• for_each_file — For every matching directory / file, evaluate a nested require: block with the entry as context. (Cross-file)
• git_blame_age — Fire on lines matching a regex whose git blame author-time is older than max_age_days. (Git hygiene)
• git_commit_message — Validate HEAD’s commit-message shape via regex, max-subject-length, or required-body. (Git hygiene)
• git_no_denied_paths — Fire when any tracked file matches a configured glob denylist. (Git hygiene)
• indent_style — Every non-blank line indents with the configured style (tabs or spaces). (Text hygiene)
• json_path_equals — Query a structured document with a JSONPath expression and assert every match deep-equals the supplied value. (Structured query)
• json_path_matches — Same shape as the *_equals variants, but the asserted value is a regex matched against string values. (Structured query)
• json_schema_passes — Validate every JSON / YAML / TOML file in paths against a JSON Schema document. (Structured query)
• line_endings — Every line ending matches target: lf or crlf. (Text hygiene)
• line_max_width — Cap line length in characters (not bytes — code points). (Text hygiene)
• markdown_paths_resolve — Validate that backticked workspace paths in markdown files resolve to real files or directories in the repo. (Git hygiene)
• max_consecutive_blank_lines — Cap runs of blank lines to max. (Text hygiene)
• max_directory_depth — Tree depth from repo root may not exceed max. (Structure)
• max_files_per_directory — Per-directory fanout may not exceed max_files. (Structure)
• no_bidi_controls — Flag Trojan-Source bidi override characters (U+202A–202E, U+2066–2069). (Security / Unicode sanity)
• no_bom — Flag a leading UTF-8 / UTF-16 LE/BE / UTF-32 LE/BE byte-order mark. (Encoding)
• no_case_conflicts — Flag paths that differ only by case (e.g. (Portable metadata)
• no_empty_files — Flag zero-byte files. (Structure)
• no_illegal_windows_names — Reject path components Windows can’t represent: (Portable metadata)
• no_merge_conflict_markers — Flag <<<<<<< , =======, >>>>>>> markers at the start of a line — almost always left over from an unresolved merge. (Security / Unicode sanity)
• no_submodules — Flag the presence of .gitmodules at the repo root — always, regardless of paths. (Git hygiene)
• no_symlinks — Flag tracked paths that are symbolic links. (Unix metadata)
• no_trailing_whitespace — No line may end with space or tab. (Text hygiene)
• no_zero_width_chars — Flag body-internal zero-width characters (U+200B, U+200C, U+200D, and non-leading U+FEFF). (Security / Unicode sanity)
• pair — For every file matching primary, a file matching the partner template must exist. (Cross-file)
• shebang_has_executable — Every file starting with #! must have +x set. (Unix metadata)
• toml_path_equals — Query a structured document with a JSONPath expression and assert every match deep-equals the supplied value. (Structured query)
• toml_path_matches — Same shape as the *_equals variants, but the asserted value is a regex matched against string values. (Structured query)
• unique_by — No two files matching paths may share the value of key (a path template). (Cross-file)
• yaml_path_equals — Query a structured document with a JSONPath expression and assert every match deep-equals the supplied value. (Structured query)
• yaml_path_matches — Same shape as the *_equals variants, but the asserted value is a regex matched against string values. (Structured query)