Write an effective rule
A useful rule has three parts:| Part | Example |
|---|---|
| Scope | Payment handlers |
| Requirement | Verify the authenticated account owns the payment method |
| Reason or exception | Prevent cross-account charges; test fixtures are excluded |
Payment handlers must verify that the authenticated account owns the payment method before creating a charge. Test fixtures are excluded.Keep each rule focused on one decision. Split a rule when it contains several unrelated requirements.
Good rule patterns
Use rules for standards that can be checked from code and repository context:- require tests for payment flows
- route environment access through the validated configuration module
- use design system tokens instead of raw color values
- prevent direct database access from HTTP controllers
- require authorization checks before account-scoped reads or writes
- reject deprecated APIs outside an approved legacy path
Roll out a rule safely
Available enforcement controls can vary by plan and platform release. Check the rule editor in your Autter organization for the controls currently available to you.

