# Critiq

Critiq is an open source deterministic static analysis CLI and public rule catalog for developers who want clear, actionable code review feedback.

## Pages

- /index.md: Critiq is an open source CLI and rules catalog that gives developers clear, actionable code review feedback locally, without sending your code to the cloud.
- /about.md: Critiq builds open source, deterministic code review tools for developers who care about craft, privacy, and clear feedback.
- /blog.md: Updates, rule highlights, and engineering notes from the Critiq team.
- /faq.md: Answers about the Critiq open source CLI, local-first scanning, documentation, and what is shipping today.
- /changelog.md: Release history for the Critiq open source CLI, rules catalog, GitHub Action, and marketing site.
- /integrations/github-actions.md: Add Critiq to pull requests with critiq-action: install the CLI, run deterministic checks, and post inline review comments on the diff.
- /contact.md: Reach the Critiq team by email or open a GitHub issue for engine bugs, CLI problems, and rule catalog feedback.
- /privacy-policy.md: How Critiq handles information collected through critiq.dev, docs.critiq.dev, and related public website interactions.
- /terms-of-service.md: The terms that govern access to the public Critiq website, linked public documentation, and other public web content we operate.
- /products/oss.md: Install @critiq/cli and @critiq/rules to run deterministic code review locally: security, correctness, performance, and quality findings from a transparent rules catalog.
- /pricing.md: Critiq OSS is free forever. Compare planned team tiers for static PR review, grounded AI, and enterprise governance.
- /blog/why-open-sourced-rules-engine.md: Critiq ships the rule engine, DSL, and 435+ OSS catalog rules in the open. Here is what you get locally, what Pro adds, and how to inspect rules yourself.
- /blog/evidence-over-vibes-code-review.md: Review comments should be defensible: tied to a rule, a line, severity, and references, not just confident prose.
- /blog/correctness-bugs-in-review.md: Nine ts.correctness rules catch duplicate keys, async Promise executors, and other defects that pass a casual diff review.
- /blog/common-typescript-security-findings.md: Eight rule-backed security patterns Critiq flags in TypeScript pull requests, with bad code, good code, and the catalog rule ID for each fix.
- /blog/your-first-critiq-check.md: Install the OSS CLI, run your first scan, and learn to read severity, rule IDs, file paths, and fix suggestions in pretty and JSON output.
- /blog/owasp-cwe-rules-metadata.md: Every security rule in @critiq/rules declares metadata.references, OWASP, CWE, and more, so findings stay traceable in the CLI and SARIF output.
- /blog/rule-spotlight-n-plus-one-concurrency.md: How Critiq flags sequential awaits in map flows and unbounded Promise fan-out, with real rule IDs, fixes, and CLI commands.
- /blog/rule-spotlight-sql-interpolation.md: How Critiq flags interpolated SQL in TypeScript and Java, why parameterized queries fix CWE-89, and which rule IDs to tune in CI.
- /blog/inline-pr-comments-dedupe-severity.md: Use critiq-action for inline PR comments: dedupe across reruns, fail-on-severity gates, and when to block merge vs comment only.
- /blog/critiq-audit-secrets.md: An honest look at Critiq's pattern-based secret scanner: what it finds, what it skips, and when to use audit secrets vs check.
- /blog/trust-gap-ai-assisted-coding.md: Developers use AI assistants daily but often distrust review feedback. Inspectable rules, evidence, and local checks close that gap.
- /blog/testing-hygiene-change-risk.md: Testing hygiene rules surface merge-confidence gaps, silent skips, flaky timers, and diff-scoped coverage holes, before they ship.

## External docs

- https://docs.critiq.dev/: Dedicated documentation site for installation, configuration, CLI reference, rule authoring, and the OSS rules registry.

## Product pages

- /products/oss.md: Install @critiq/cli and @critiq/rules to run deterministic code review locally: security, correctness, performance, and quality findings from a transparent rules catalog.

## Sources

- Website source: critiq-cloud/apps/web/src
- Docs source: critiq-cloud/apps/docs/src
- CLI source: critiq-core/apps/cli/src/main.ts
- Rule catalog source: critiq-rules/libs/rules/catalog/catalog.yaml