Plugins

Make your own standards part of the audit.

Nerviq plugins let a team extend the built-in catalog with repo-specific or org-specific checks. That means internal rules, compliance controls, or delivery conventions can live inside the same scoring and recommendation system as the platform-native checks.

nerviq.config.js · Custom checks · Merged into audit

How Plugin Loading Works

Nerviq looks for a root-level nerviq.config.js file, loads a plugins array, validates each plugin, and merges the resulting checks into the active technique set.

  • 1 file (Entry point): Plugins load from nerviq.config.js in the project root.
  • 6 (Required check fields): Each custom check must provide the same core contract as built-in checks.
  • plugin:* (Result key prefix): Plugin checks are namespaced in output so they never collide with built-in keys.

nerviq.config.js Format

The config file exports a plugins array. Each plugin provides a name and a checks object.

javascript
// nerviq.config.js
module.exports = {
  plugins: [
    {
      name: "my-org-standards",
      checks: {
        hasChangelog: {
          id: "ORG-001",
          name: "Project has a CHANGELOG",
          check: (ctx) => ctx.files.includes("CHANGELOG.md"),
          impact: "medium",
          category: "hygiene",
          fix: "Create a CHANGELOG.md to track project changes.",
          sourceUrl: "https://keepachangelog.com",
          confidence: 0.9,
        }
      }
    }
  ]
};

Check Object API

Plugin checks follow the same mental model as built-in Nerviq techniques, which makes them easy to score, rank, and explain.

Field | Meaning
id | Stable check identifier such as ORG-001 or TEAM-SEC-04.
name | Human-readable check name shown in results and recommendation lists.
check(ctx) | Function returning true, false, or null depending on whether the practice is present and applicable.
impact | critical, high, medium, or low. This drives severity and recommendation rank.
category | Any category label you want the custom check to live under.
fix | Actionable remediation text shown when the check fails.

Example Plugin

A good plugin adds a small set of high-signal checks that reflect your organization’s actual standards instead of recreating the whole Nerviq catalog.

What teams add

Typical use cases

  • CHANGELOG or release-note requirements
  • Internal CODEOWNERS or review policy enforcement
  • Compliance-only files such as audit manifests or architecture records
  • Repo conventions that only make sense inside your company

What Nerviq enforces

Validation behavior

Invalid plugins are skipped. Missing required fields, bad impact values, or non-function check handlers are treated as plugin load errors instead of silent partial success.
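
The check contract and validation rules above, as an added example (not Nerviq's own code): a plugin with a CODEOWNERS check and a lockfile check that returns null when the practice does not apply, plus a pre-flight linter that approximates the documented load rules so CI fails before an invalid plugin is skipped. Assumptions: ctx.files is a list of repo-relative paths, and the ids ORG-002 and ORG-003 and the lintPlugin and resultKeys helpers are hypothetical.

```javascript
// Added sketch, not Nerviq's validator: approximates the load rules this page documents.
const REQUIRED = ["id", "name", "check", "impact", "category", "fix"];
const IMPACTS = ["critical", "high", "medium", "low"];

// Returns a list of problems; an empty list means the plugin should load.
function lintPlugin(plugin) {
  const out = [];
  if (!plugin || typeof plugin.name !== "string" || !plugin.name) out.push("plugin name missing");
  for (const [key, raw] of Object.entries((plugin && plugin.checks) || {})) {
    const c = raw || {};
    for (const f of REQUIRED) if (c[f] === undefined) out.push(`${key}: missing ${f}`);
    if (c.check !== undefined && typeof c.check !== "function") out.push(`${key}: check is not a function`);
    if (c.impact !== undefined && !IMPACTS.includes(c.impact)) out.push(`${key}: bad impact "${c.impact}"`);
  }
  return out;
}

// Result keys in the plugin:<plugin name>:<check key> form shown in the audit output.
const resultKeys = (plugin) => Object.keys(plugin.checks).map((k) => `plugin:${plugin.name}:${k}`);

const CODEOWNERS_PATHS = ["CODEOWNERS", ".github/CODEOWNERS", "docs/CODEOWNERS"];
const plugin = {
  name: "my-org-standards",
  checks: {
    hasCodeOwners: {
      id: "ORG-002", // constructed id
      name: "Repository declares CODEOWNERS",
      // Assumes ctx.files holds repo-relative paths, as ctx.files.includes("CHANGELOG.md") suggests.
      check: (ctx) => CODEOWNERS_PATHS.some((p) => ctx.files.includes(p)),
      impact: "high",
      category: "review-policy",
      fix: "Add a CODEOWNERS file so changes route to accountable reviewers.",
    },
    hasLockfile: {
      id: "ORG-003", // constructed id
      name: "npm projects commit a lockfile",
      // null when there is no package.json: the practice is not applicable here.
      check: (ctx) => (ctx.files.includes("package.json") ? ctx.files.includes("package-lock.json") : null),
      impact: "medium",
      category: "supply-chain",
      fix: "Commit package-lock.json so installs are reproducible.",
    },
  },
};

// Fail loudly in CI instead of letting an invalid plugin be skipped at audit time.
const problems = lintPlugin(plugin);
if (problems.length) throw new Error("plugin would be skipped: " + problems.join("; "));
if (typeof module !== "undefined") module.exports = { plugins: [plugin] };
```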

How Plugin Checks Appear in Audit

Once loaded, plugin checks are merged into the active technique set and behave like first-class findings.

text
plugin:my-org-standards:hasChangelog
plugin:my-org-standards:hasCodeOwners

Scoring

They affect score

Plugin checks use the same impact-based weighting model as built-in checks.

Output

They show up in findings

Failed plugin checks appear in the results list, recommendation summaries, and quick-win style flows.

Explainability

They keep their metadata

sourceUrl and confidence travel with the plugin check, so your custom logic remains explainable instead of opaque.