I Built a CLI to Extract Business Rules From Code — So They Never Get Lost Again

Farouk Mekkaoui — Fri, 13 Mar 2026 03:53:18 +0000

Run npx ruledoc and get a structured, always-up-to-date document of every business rule in your codebase. Zero install, zero config, zero dependencies. It works with TypeScript, JavaScript, Vue, and Svelte.

Here's the problem it solves.

The problem: business rules are invisible

A new developer joins the team. They're reviewing the billing module and see this:

export const FREE_PLAN_DAILY_LIMIT = 100;

They ask: "Why 100? Who decided this? Can I change it?"

Nobody knows. The constant was added 18 months ago by someone who left. There's no Notion page, no Confluence doc, no comment explaining the reasoning. The answer lives in a Slack thread that's long gone.

This happens everywhere. Business rules — the most important logic in your app — are the least documented. They hide as constants, guard clauses, magic numbers, and config values scattered across dozens of files.

When business rules are invisible:

Bugs happen silently. Someone changes a limit without realizing three other features depend on it.
Onboarding is slow. New devs spend days asking "why does this work this way?"
Compliance becomes painful. When an auditor asks "show me your business rules," you can't just grep for them.
Documentation rots. Even if someone writes a wiki page, it goes stale the moment someone pushes a code change without updating it.

Why JSDoc, wikis, and rules engines don't solve this

You might think: "Just use JSDoc" or "We have a wiki." I looked at everything out there:

JSDoc / TSDoc document what a function does, not why a business decision was made. They don't give you a searchable registry of all your rules.
Wikis (Notion, Confluence) go stale the moment someone pushes code without updating the doc. And they always do.
TODO scanners (leasot, todo-tree) find tagged comments, but they have no semantic structure — no scopes, no severity levels, no grouped output.
Business rules engines (json-rules-engine, GoRules) execute rules at runtime. They don't document the rules already living in your code.
ADRs are great for architecture decisions, but too heavy for the specific limits, thresholds, and policies buried across your files.

I couldn't find a single tool that extracts and documents business rules from code comments. So I built one.

How ruledoc works

The idea is simple: annotate business rules right where they're implemented, in a structured format that a CLI tool can extract.

1. Annotate your code

// @rule(billing.plans, critical): Free plan is limited to 100 API requests per day
export const FREE_PLAN_DAILY_LIMIT = 100;

// @rule(auth.session): Session expires after 24 hours of inactivity
const SESSION_TTL_MS = 24 * 60 * 60 * 1000;

// @rule(billing.refunds, critical): Refunds must be requested within 30 days
export const REFUND_WINDOW_DAYS = 30;

This is a regular comment — your code runs exactly the same. But now that rule is machine-readable: it has a scope (billing.plans), a severity (critical), and a description.

2. Run it

npx ruledoc

3. Get structured documentation

ruledoc generates a BUSINESS_RULES.md grouped by scope, with a table of contents and summary table:

# Business Rules

> 10 rules · 3 scopes

## Summary

| Scope | Sub | Count | Critical | Warning |
|-------|-----|------:|---:|---:|
| Auth | Session | 2 | 1 | 1 |
| Billing | Plans | 3 | 2 | — |
| Billing | Refunds | 1 | 1 | — |

It also generates BUSINESS_RULES.json for tooling, and optionally a standalone HTML page with search and filters.

Annotation validation and typo detection

ruledoc doesn't just extract — it validates. Misspell a severity?

// @rule(auth.session, crtical): Session expires after 24h

⚠ auth/session.ts:4 — unknown severity "crtical", did you mean "critical"? (defaulting to info)

No silent failures, no bad data in your docs.

Interactive diff: see what changed between runs

Each run compares with the previous output and shows what moved:

◆ ruledoc 28 rules · 5 scopes · 7 critical · 5 warning
  + Refunds must be processed within 48h [critical] billing.refund
  - Old trial rule [info] billing.trial

You immediately see which business rules were added or removed since the last run.

Audit trail for deleted rules

This was a big one. In the first version, once someone removed a @rule() annotation, the rule just disappeared.

Now ruledoc keeps a BUSINESS_RULES_HISTORY.json — a tombstone file that records every deleted rule with its removal date, last known file, scope, and severity. Think of it as a changelog for your business rules.

Removed rules also show up in the Markdown output under a "Removed rules" section. When an auditor asks "did we ever have a rule about X?", you have the answer.

Protect critical business rules in CI/CD

This is my favorite feature. Add --protect critical to your CI pipeline:

npx ruledoc --check --protect critical

If someone silently removes a critical business rule, the build fails:

✗ [critical] billing.plans: Free plan limited to 100 req/day
    was in billing/limits.ts

✗ ruledoc: 1 critical rule(s) removed — build blocked
  To allow removal, use --allow-removal or add a @rule-removed() comment.

This forces a conscious decision. If the removal is intentional, the developer adds an acknowledgment:

// @rule-removed(billing.plans, JIRA-456): Migrated to config service

This unblocks the build and the removal is recorded in the history with the ticket reference. No silent deletions, no surprises.

Smart file exclusion with .gitignore support

ruledoc automatically respects your .gitignore, so node_modules, dist, build output — all ignored without any config. It also skips test files (*.test.*, *.spec.*, __tests__/) by default, because mock @rule() annotations in tests shouldn't pollute your documentation.

Need more control? Add custom patterns:

{
  "extraIgnore": ["**/generated/**", "**/vendor/**"]
}

Or override the defaults:

npx ruledoc --no-ignore-tests
npx ruledoc --no-gitignore

LLM context export for AI-assisted coding

The context format generates a flat text file optimized for LLM prompts:

npx ruledoc --format context

Output:

# Business Rules (auto-generated by ruledoc — do not edit)
# 28 rules · 5 scopes · Generated 2026-03-16
[critical] billing.plans: Free plan limited to 100 req/day (billing/plans.ts:1)
[critical] billing.refunds: 30-day refund window (billing/refunds.ts:8)
[warning] auth.session: Session expires after 24h (auth/session.ts:2)

Append it to your CLAUDE.md or .cursorrules and your AI coding assistant knows every business rule before touching your code. No more AI-generated PRs that accidentally violate a business constraint.

GitHub Action for automated PR comments

Drop this into your workflow and every pull request gets a comment summarizing which business rules changed:

- uses: fmekkaoui/ruledoc/action@main
  with:
    protect: critical

Added a rule? Removed one? The PR comment shows it. Reviewers see the business impact at a glance without digging through the diff.

CI/CD integration with one line

Add one line to your GitHub Actions workflow:

- run: npx ruledoc --check --quiet

--check compares the generated output against the committed file and exits with code 1 if they differ. Your docs are always in sync with the code.

If you're using Turborepo, run ruledoc as a watched task alongside your dev server:

turbo watch dev rules

The annotation format in detail

The full syntax supports scopes, severity levels, and ticket references:

// @rule(scope): Description
// @rule(scope.sub): With subscope
// @rule(scope.sub, critical): With severity
// @rule(scope.sub, critical, JIRA-123): With ticket
// @rule(scope.sub, JIRA-123, critical): Order doesn't matter

Severity and ticket can be in any order — ruledoc figures out which is which. You can also customize the tag name, define your own severity levels, or provide a full custom regex.

Zero dependencies, zero risk

ruledoc has zero runtime dependencies. No lodash, no chalk, no commander. Just Node.js built-ins. It never modifies your source files, never phones home, and config is JSON-only — no eval, no code execution.

Get started in 30 seconds

npx ruledoc --init

This creates a config file and shows you the annotation format. Then add @rule() comments to your codebase and run npx ruledoc.

Works with TypeScript, JavaScript, Vue, and Svelte.

GitHub: github.com/fmekkaoui/ruledoc
npm: npmjs.com/package/ruledoc

If you've ever lost a business rule in your codebase, I'd love to hear how you dealt with it. And if you try ruledoc, feedback and stars are welcome 🙏

Forem: Farouk Mekkaoui