Custom Prompts give you complete control over how Kody analyzes your code. Tailor the AI’s focus for each review category and severity level to match your team’s standards, tech stack, or specific model capabilities.

Access Custom Prompts Settings

Configure your custom prompts for all repositories in your organization

Why Use Custom Prompts?

Team-Specific Standards

Align Kody’s reviews with your team’s unique coding standards, architectural patterns, and best practices

Model Optimization

Craft prompts optimized for your specific AI model’s strengths when using BYOK

Focus Control

Direct Kody’s attention to issues that matter most to your project and reduce noise

Domain Expertise

Add industry-specific or technology-specific context that improves review quality
Custom prompts don’t receive automatic updates. Reset to default to get improvements.

Optimize for Your Model

Using BYOK? Customize prompts to match your chosen model’s strengths and instruction-following style for best results.

How Custom Prompts Work

Custom Prompts operate at two levels:

Category Prompts

Define what Kody looks for in each review category:
  • Bug
  • Security
  • Performance
Focus: Code correctness and execution issues
Default coverage:
  • Execution breaks (unhandled exceptions)
  • Wrong results (incorrect output)
  • Resource leaks (files, connections, memory)
  • State corruption (invalid object/data states)
  • Logic errors (incorrect control flow)
  • Race conditions (concurrent access issues)
Max length: 2000 characters

Severity Prompts

Define how Kody classifies issue severity:
  • Critical
  • High
  • Medium
  • Low
Definition: Issues requiring immediate attention
Default examples:
  • Application crash/downtime
  • Data loss/corruption
  • Security breach (unauthorized access/data exfiltration)
  • Critical operation failure (auth/payment/authorization)
  • Direct financial loss operations
  • Memory leaks causing inevitable crash
Max length: 2000 characters

Configuring Custom Prompts

1. Navigate to Settings

Go to app.kodus.io/settings/code-review/global/custom-prompts for global settings, or access per-repository settings through your repository configuration

2. Choose Category or Severity

Select which prompt you want to customize:
  • Category Prompts: Bug, Security, or Performance
  • Severity Prompts: Critical, High, Medium, or Low

3. Write Your Custom Prompt

Enter your custom prompt (max 2000 characters). Be specific and focused on what you want Kody to detect or how to classify issues.

4. Save Configuration

Click Save Settings to apply your custom prompts. Changes take effect immediately for new reviews.
You can customize any combination of prompts. For example, customize only the Security category while keeping default prompts for Bug and Performance.

Best Practices

Be Specific to Your Context

Do: Context-Specific

Bug category prompt:
Focus on null pointer exceptions in our 
Java services, unclosed database connections 
in DAO layer, and race conditions in our 
async event handlers. Check for proper 
resource cleanup in try-finally blocks.

Don't: Too Generic

Bug category prompt:
Look for bugs in the code.
Check for issues and problems.

Avoid Redundancy Between Prompts

Each category and severity should have a distinct focus. Don’t repeat the same instructions across different prompts.
Bug Category: Focus on execution correctness, null pointer exceptions, and resource cleanup in our Java services.
Security Category: Focus on SQL injection, XSS, and CSRF in our API endpoints. Verify input sanitization and parameterized queries.
Performance Category: Focus on N+1 queries, missing database indexes, and inefficient loops in data processing.
Result: Each prompt has a clear, non-overlapping focus.

Bug Category: Check for null pointers, SQL injection, and slow queries.
Security Category: Look for SQL injection, null pointers, and performance issues.
Performance Category: Find slow queries, null pointers, and security vulnerabilities.
Problem: All prompts overlap, confusing the model and reducing review quality.
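
A check you can run on draft prompts before pasting them into the settings page, covering the 2000-character limit and the non-overlap rule described in this section. This is an added example, not Kodus code: the phrase-overlap heuristic, the filler-word list and the function names are assumptions, and the sample prompts are the two sets quoted above.

```python
import re
from itertools import combinations

MAX_PROMPT_CHARS = 2000  # per-prompt limit stated on this page

# Instruction filler ignored when comparing prompts (assumed list; extend as needed).
FILLER = {"a", "an", "and", "the", "for", "in", "on", "of", "or", "our", "to",
          "focus", "check", "look", "find", "verify", "detect"}

def key_phrases(prompt):
    """Adjacent content-word pairs in a prompt, never spanning punctuation."""
    phrases = set()
    for segment in re.split(r"[,.;:\n]", prompt.lower()):
        words = [w for w in re.findall(r"[a-z0-9+]+", segment) if w not in FILLER]
        phrases.update(zip(words, words[1:]))
    return phrases

def lint_prompts(prompts):
    """prompts maps category name -> prompt text; returns (too_long, overlaps)."""
    too_long = [name for name, text in prompts.items() if len(text) > MAX_PROMPT_CHARS]
    overlaps = {}
    for a, b in combinations(sorted(prompts), 2):
        shared = key_phrases(prompts[a]) & key_phrases(prompts[b])
        if shared:
            overlaps[(a, b)] = sorted(" ".join(pair) for pair in shared)
    return too_long, overlaps

# The two prompt sets quoted in this section.
DISTINCT = {
    "Bug": "Focus on execution correctness, null pointer exceptions, and "
           "resource cleanup in our Java services.",
    "Security": "Focus on SQL injection, XSS, and CSRF in our API endpoints. "
                "Verify input sanitization and parameterized queries.",
    "Performance": "Focus on N+1 queries, missing database indexes, and "
                   "inefficient loops in data processing.",
}
OVERLAPPING = {
    "Bug": "Check for null pointers, SQL injection, and slow queries.",
    "Security": "Look for SQL injection, null pointers, and performance issues.",
    "Performance": "Find slow queries, null pointers, and security vulnerabilities.",
}

if __name__ == "__main__":
    for label, prompt_set in (("distinct", DISTINCT), ("overlapping", OVERLAPPING)):
        too_long, overlaps = lint_prompts(prompt_set)
        print(label, "over limit:", too_long)
        for pair, phrases in overlaps.items():
            print("  ", " / ".join(pair), "share:", ", ".join(phrases))
```

An empty overlap report only means no two prompts share a two-word phrase; prompts that describe the same concern in different words still need a manual read.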

Be Careful with Examples

Specific code examples may cause the model to miss variations. Describe patterns broadly instead.
  • Good: Pattern Description
  • Risky: Specific Example
Detect SQL injection in database queries:
- Raw string concatenation in SQL statements
- User input directly in query strings
- Missing parameterized queries or ORMs
- Dynamic query construction without sanitization
This describes the pattern broadly, catching multiple variations.

Use Cases

Scenario: Healthcare application with HIPAA compliance requirements
Custom Security Prompt:
Focus on HIPAA compliance in data handling:
- PHI (Protected Health Information) exposure in logs or errors
- Missing encryption for PHI at rest and in transit
- Inadequate access controls for patient data
- Audit logging gaps for PHI access
- Data retention violations
- Missing patient consent verification
Benefit: Kody catches compliance-specific issues that generic security reviews might miss.
Scenario: React/Node.js application with specific patterns
Custom Bug Prompt:
Focus on React and Node.js common pitfalls:
- Missing dependency arrays in useEffect/useMemo
- Unhandled promise rejections in async handlers
- Memory leaks from event listener cleanup
- Race conditions in state updates
- Missing error boundaries
- Uncaught exceptions in Express middleware
Benefit: Reviews are laser-focused on your stack’s specific gotchas.
Scenario: Using Gemini 2.5 Flash via BYOK for cost optimization
Custom Performance Prompt:
Analyze algorithmic efficiency and resource usage.
List specific issues in this format:
1. Issue type and location
2. Current complexity
3. Optimization suggestion
4. Expected improvement

Prioritize: database queries, loops, memory allocations.
Benefit: Structured output format that Gemini handles exceptionally well, improving review quality.
Scenario: Startup moving fast, needs different severity thresholds
Custom Critical Prompt:
Only flag as Critical if:
- Production data could be deleted or corrupted
- Security breach allowing direct data exfiltration
- Payment processing failures
- Complete service outage for core features

Note: Performance issues are never Critical unless causing crashes.
Benefit: Reduces alert fatigue by aligning severity with business impact.

Troubleshooting

Symptoms: Too many low-value suggestions after customization
Solutions:
  • Make prompts more specific and focused
  • Add exclusions for patterns you want to ignore
  • Raise minimum severity threshold in Suggestion Control
  • Check for redundancy between category and severity prompts
Symptoms: Kody doesn’t catch issues it should
Solutions:
  • Review your prompt for being too narrow or example-specific
  • Check if the issue falls under a category you didn’t customize
  • Try resetting to default to see if the issue is caught
  • Consider if the issue might be classified under a different severity
Symptoms: Same type of issue flagged sometimes but not always
Solutions:
  • Ensure prompts are clear and unambiguous
  • Remove conflicting instructions across different prompts
  • Check if you’re using examples that are too specific
  • Consider if different models in primary/fallback have different capabilities
Symptoms: Want to use custom prompts but unsure where to start
Solutions:
  • Start by running default reviews for a week
  • Note patterns in false positives or missed issues
  • Customize only the specific prompt related to those patterns
  • Keep other prompts at default until you see a clear need

Frequently Asked Questions

It depends on where you set them:
  • Global settings: Apply to all repositories in your organization
  • Per-repository settings: Override global settings for that specific repo
This lets you have organization-wide standards with repository-specific overrides when needed.
Yes. Click into any prompt in settings to view default content.
Changes only affect new reviews. Re-run with @kody start-review to apply new prompts to existing PRs.
No. Custom prompts are web-only to ensure intentional changes. Other settings (ignored paths, branches) can use kodus-config.yml.
Only customize prompts with clear, specific needs. Keep others at default to benefit from our improvements. Start with 1-2 prompts.
Works seamlessly. Tailor prompts to your model’s strengths. Both primary and fallback use the same custom prompts.