1.0.63 Plugins + Business Logic Validation, RBAC, review improvements & key fixes

News & Improvements

Plugins [Beta]

You can now connect external tools to Kody during review. It brings context straight from Figma, Jira, Linear, Notion, Posthog, Slack or any other tool integrated into your workflow.

Plugins are Model Context Protocol (MCP) servers curated by Kodus that expand Kody’s understanding. They allow you to:

  • Bring tasks, specs, and data from external tools directly into the PR.
  • Run actions right in the review thread, like moving a Jira ticket or updating a Kody rule.

Examples:

  • @kody, update this kody rule to ignore test files
  • @kody, move this task https://jira.com/task-123 to DONE

Kody fetches the information via plugin, replies in the thread, and even compares the diff against the spec automatically, pointing out what matches and what still needs to be implemented. See more details in the documentation.

Business Logic Validation [Beta]

You can now automatically validate whether a PR follows exactly what’s described in a spec, ticket, or document.

Just use the command:

  • @kody -v business-logic [link or spec]

Kody analyzes the PR diff, fetches the context (via plugin or inline text), and compares it with the defined requirements. It then replies in the thread confirming what is aligned and highlighting what needs to be adjusted.

Examples:

  • @kody -v business-logic https://jira.com/task-123
  • @kody -v business-logic Rule XYZ — orders above $500 must issue cashback credits.
  • @kody -v business-logic https://docs.google.com/document/d/1234567890/edit

This eliminates the most manual part of reviews: checking if the code really meets business requirements. Now validation is automatic, integrated into the review flow, and can be re-run at any time.

You can dive deeper in the documentation.

Role-Based Access Control (RBAC)

Kodus now has a complete RBAC system, bringing much more granular access control for organizations of any size. Four distinct roles have been added: Owner, Billing Manager, Repo Admin, and Contributor.

This new system addresses the limitations of the previous model (only Owner/User), improving both security and governance:

  • Security: well-defined access levels reduce risks

  • Financial: specific role for managing billing without exposing development features

  • Repos: repository admins can manage teams and permissions

  • Experience: contributors only see the functionalities they can use

With this, companies can align Kodus with their security and team management policies more efficiently.

Auto-Join with Email Confirmation

Now users can access a workspace immediately when domain-based auto-join is enabled, but they still need to confirm their email to activate access.

Before, every new member who joined required manual approval from the Owner, even in domains configured for auto-join. With this update, the flow became faster and safer:

  • Auto-Join enabled: if the user’s email domain matches the allowed domains, they automatically join the workspace.

  • Mandatory confirmation: the user receives an email invitation and must confirm it to become active.

  • Security preserved: when the domain does not match or auto-join is disabled, it follows the traditional manual approval flow.

This ensures a much faster onboarding experience without giving up email validation.

Improvement in Default Message Behavior

We adjusted how Kodus handles start and end review messages to reduce noise and keep the flow clearer, even when the user customizes the texts.

Before, when editing messages, the behavior created extra messages instead of updating the existing one, especially in PRs with multiple commits. In addition, old start/end messages were not hidden in new reviews.

Now the flow is consistent:

  • Review start: sends a start message.

  • Review end: updates the same message, indicating closure.

  • New reviews: old start/end messages are automatically hidden.

This ensures more clarity in the PR history, avoiding unnecessary duplications and keeping communication organized.

Ignore IDE Rules in Sync

It is now possible to mark rule files that should not be synced by Kodus. Before, when closing a PR, all rule files (*.md, .mdc, etc.) were automatically synced, which was not always desired.

With this improvement, the client can control what does or does not go into the sync flow:

  • How it works: just add the tag @kody-ignored at the beginning or end of the file.

  • Result: files with this tag are ignored in the process, preventing local or IDE-specific rules from being applied in the repository.

This ensures more flexibility and avoids unnecessary noise in the team’s rules

Bug Fixes

  • Suggestions already fixed were not automatically closed
    We fixed the issue where Kody did not recognize suggestions implemented after a new push in already reviewed PRs. Now, when the client resolves the suggestion in the code, the corresponding comment is automatically closed.

  • Limit of 35 subdirectories in folder selector
    Monorepo support was limited to displaying only 35 subdirectories in the selector. This limit has been removed, ensuring that all necessary directories are correctly loaded.

  • Duplication of users in Team Activity
    We resolved the bug that caused the Team Activity panel to show the same user duplicated in some scenarios. Now each user appears only once.