firmis validate - Validate Rule Files
Synopsis
    firmis validate [rules...] [options]
Description
A rule with a broken regex does not fail loudly - it just stops matching. firmis validate catches typos, invalid patterns, and schema errors in your YAML rule files before they create silent gaps in your detection coverage.
Pass one or more rule files or directories. Firmis checks each file for YAML syntax errors, schema compliance (required fields present and correctly typed), and regex compilation. Every regex, file-access, and network pattern is compiled via JavaScript RegExp to confirm it is valid. In --strict mode, regex compilation warnings are promoted to errors, making the command suitable as a CI gate for your rule library.
Use --built-in to validate Firmis’s 324 built-in rules. This is useful after a version upgrade to confirm nothing regressed.
At least one argument ([rules...]) or --built-in must be provided. If neither is given, the command prints usage and exits with code 1.
firmis validate is read-only. It does not modify any files.
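The failure modes described above, as an added sketch (not Firmis source code): it compiles rule patterns with JavaScript RegExp and maps the findings to an exit code. The rule shape, the sample patterns and the definition of a warning (a pattern accepted only without the `u` flag) are assumptions; this page does not say what Firmis counts as a warning.

```javascript
// Added illustration, not Firmis code. Rule shape { id, patterns } is assumed.

// Compile one pattern with JavaScript RegExp, as the page describes.
function checkPattern(source) {
  try {
    new RegExp(source);
  } catch (err) {
    return { level: 'error', message: err.message };
  }
  try {
    // Assumed warning class: legal in legacy mode, rejected under the `u` flag.
    new RegExp(source, 'u');
  } catch (err) {
    return { level: 'warning', message: err.message };
  }
  return null;
}

// Validate every pattern; in strict mode warnings are promoted to errors.
function validateRules(rules, { strict = false } = {}) {
  const findings = [];
  for (const rule of rules) {
    for (const source of rule.patterns) {
      const result = checkPattern(source);
      if (!result) continue;
      const level = strict && result.level === 'warning' ? 'error' : result.level;
      findings.push({ rule: rule.id, pattern: source, level, message: result.message });
    }
  }
  // Exit code 1 if any error remains, otherwise 0.
  return { findings, exitCode: findings.some((f) => f.level === 'error') ? 1 : 0 };
}

// Constructed sample rules (not real Firmis rules).
const sampleRules = [
  { id: 'demo-001', patterns: ['aws_secret_access_key\\s*=\\s*\\S+'] }, // valid
  { id: 'demo-002', patterns: ['(curl|wget\\s+https?://'] },            // unclosed group
  { id: 'demo-003', patterns: ['token\\s*=\\s*\\w++'] },                // PCRE possessive quantifier
  { id: 'demo-004', patterns: ['\\.env\\-local'] },                     // `\-` escape, invalid with `u`
];

for (const f of validateRules(sampleRules).findings) {
  console.log(`${f.level.toUpperCase()} ${f.rule}: /${f.pattern}/ ${f.message}`);
}
```

Patterns ported from PCRE or Python rule sets are the usual source of such errors, since constructs like possessive quantifiers do not compile under JavaScript RegExp.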
Examples
Validate a custom rule file before committing
    npx firmis validate rules/custom/my-rules.yaml
Validate all rules in a directory
    npx firmis validate rules/custom/
Validate built-in rules after a version upgrade
    npx firmis validate --built-in
Validate in strict mode for CI (warnings become errors)
    npx firmis validate rules/custom/ --built-in --strict
Validate before every scan in a script
    npx firmis validate rules/ && npx firmis-cli scan --config .firmisrc
Options
| Flag | Type | Default | Description |
|---|---|---|---|
| --strict | boolean | false | Treat regex warnings as errors. Recommended before shipping rules to production or adding validate as a CI gate. |
| --built-in | boolean | false | Also validate Firmis’s 324 built-in rules. Useful after upgrading to confirm no rules regressed. |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | All validated rule files are valid. |
| 1 | One or more rule files have errors. |
| 1 | --strict is set and one or more regex warnings were found. |
| 1 | No paths specified and --built-in not set. |
See Also
- Custom Rules - how to write your own YAML detection rules
- Rules Overview - how the rule engine evaluates patterns and assigns confidence scores
- policy validate - validate a policy YAML file (separate from rule validation)