Rule Categories

Explore the rule categories SyntaxValid uses to detect risk across security, quality, architecture, AI-generated code, and supply chain.

## Rule Categories

SyntaxValid organizes its detection logic into rule categories.

Each category targets a specific class of risk, allowing teams to understand what kind of problem exists and why it matters.

---

## Security

Security rules detect patterns that may lead to vulnerabilities or exploitation.

Typical focus areas include:

- Injection risks

- Unsafe dynamic execution

- Authentication and authorization flaws

- Sensitive data exposure

- Insecure cryptographic usage

Security rules are often candidates for blocking when severity is high.

---

## Code Quality

Code quality rules identify patterns that increase maintenance cost or long-term risk.

They focus on:

- Excessive complexity

- Error-prone constructs

- Poor maintainability

- Unsafe abstractions

Quality rules are usually non-blocking but may influence TrustScore trends.

---

## Architecture

Architecture rules enforce structural boundaries within a codebase.

They help detect:

- Layering violations

- Forbidden dependencies

- Circular references

- Boundary leakage between domains

Architecture rules protect scalability and long-term stability.

---

## AI-Generated Code Risk

AI-related rules analyze code likely generated or heavily assisted by AI.

They focus on:

- Overly generic implementations

- Missing validation or edge case handling

- Risky patterns in critical paths

- Mismatch with project-specific context

AI-generated code is evaluated as a risk signal, not a violation by itself.

---

## Supply Chain

Supply chain rules analyze third-party dependencies and external risk factors.

They include:

- Known vulnerability signals

- Outdated or unmaintained packages

- Suspicious dependency behavior

- Policy-restricted components

Supply chain rules protect against indirect risk introduced by dependencies.

---

## How categories work together

Categories are not isolated.

A single issue may involve:

- AI-generated code

- A security risk

- An architectural violation

SyntaxValid evaluates combined signals to assess real-world impact.

---

## Categories and policies

Policies determine:

- Which categories are enforced

- Which severities block progress

- How TrustScore is affected

Categories detect.

Policies decide.
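As an added illustration, not SyntaxValid's own policy format or scoring (which this page does not specify), here is a hypothetical Python model of "categories detect, policies decide": findings carry one or more categories and a severity, the policy says which categories are enforced and which severity blocks per category, and an AI-generated signal decides nothing on its own but escalates a finding it co-occurs with. The category names, penalty values and escalation rule are assumptions.

```python
from dataclasses import dataclass, field
SEVERITIES = ["low", "medium", "high", "critical"]  # ordered low -> high

@dataclass(frozen=True)
class Finding:
    rule_id: str
    categories: frozenset  # a single finding may carry several categories
    severity: str          # one of SEVERITIES

@dataclass
class Policy:
    """Hypothetical policy model (not SyntaxValid's real format): it decides what is
    enforced, what blocks, and how much each severity costs the score."""
    enforced: frozenset  # categories the policy acts on
    block_at: dict       # category -> lowest severity that blocks
    penalty: dict = field(default_factory=lambda: {"low": 1, "medium": 3, "high": 8, "critical": 15})

def effective_severity(f: Finding, policy: Policy) -> str:
    """AI signal alone changes nothing; with another enforced category it adds one step."""
    idx = SEVERITIES.index(f.severity)
    if "ai-generated" in (policy.enforced & f.categories) and len(f.categories) > 1:
        idx = min(idx + 1, len(SEVERITIES) - 1)
    return SEVERITIES[idx]

def evaluate(findings, policy: Policy, base_score: int = 100):
    """Return (blocking rule ids, remaining score) for findings under a policy."""
    blocking, score = [], base_score
    for f in findings:
        decided = (f.categories & policy.enforced) - {"ai-generated"}
        if not decided:
            continue  # unenforced category, or an AI signal with nothing attached
        sev = effective_severity(f, policy)
        score -= policy.penalty[sev]
        if any(SEVERITIES.index(sev) >= SEVERITIES.index(policy.block_at[c])
               for c in decided if c in policy.block_at):
            blocking.append(f.rule_id)
    return blocking, max(score, 0)

# Constructed sample input: quality has no blocking threshold (non-blocking but it
# still moves the score); the AI-only finding is a signal and decides nothing.
SAMPLE_FINDINGS = [
    Finding("SEC-001", frozenset({"security", "ai-generated"}), "medium"),
    Finding("QUAL-007", frozenset({"quality"}), "high"),
    Finding("ARCH-003", frozenset({"architecture"}), "high"),
    Finding("AI-010", frozenset({"ai-generated"}), "high"),
]
SAMPLE_POLICY = Policy(
    enforced=frozenset({"security", "quality", "architecture", "ai-generated"}),
    block_at={"security": "high", "architecture": "critical"},
)
```

With the sample policy, the medium security finding blocks only because the AI signal lifts it to high; the same finding without that signal, or under a policy that does not enforce the AI category, is recorded and scored but does not block.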

---

## Why categorization matters

Clear categorization:

- Reduces noise

- Improves prioritization

- Makes decisions explainable

- Helps teams focus on real risk

---

## Next steps

- Custom policies

- False positives and severity tuning

- Trust and security guarantees