becwright

Guides

Portability

Export a BEC to a single self-contained bundle and import it into another repo.

In short: wrote a good rule and want it in another project (or want to hand it to a teammate)? export packs it into one small file; import drops it into the other repo. The file carries everything the rule needs — including the check’s code if it’s a custom one — so nothing breaks on the other side.

A BEC is portable — you can move it between repos. A bundle (the packed file) is a single self-contained .bec.yaml file.

Export

becwright export no-token-in-logs -o no-token-in-logs.bec.yaml

Without -o, the bundle is written to stdout.

Import

becwright import no-token-in-logs.bec.yaml          # from a file
becwright import https://example.com/rule.bec.yaml  # from a URL

On import, becwright prints the rule and the check’s code, then asks for confirmation before installing — importing a BEC means importing code that runs on every commit. Use --yes to skip the prompt in automation. becwright refuses to overwrite an existing rule id or a different check file already on disk.

Bundle format

becwright_bec: 1
exported_from: https://github.com/owner/repo   # provenance (the "bound" part)
rule:
  id: no-token-in-logs
  intent: ...
  why_it_matters: ...
  paths: ["src/**/*.py"]
  severity: blocking
check:
  kind: builtin            # builtin | script | command
  module: no_token_in_logs

The new rule is appended to the target’s .bec/rules.yaml, preserving the existing content (comments and formatting).

The three check kinds

When you export a rule, its check command is classified:

KindWhenWhat travels in the bundle
builtinbecwright run X [args]the module name (and args)
scriptreferences a repo file, e.g. .bec/checks/foo.pythe script’s source, embedded
commandanything elsethe raw command string (a warning is shown on import)

The legacy python3 -m becwright.checks.X form is still recognized on import, so bundles exported by older versions keep working.

A script bundle lands its embedded code in .bec/checks/ of the target repo, so a custom check travels with its code. A builtin bundle only needs the name, because that code ships with the becwright package.

Catalog

The becs/ directory in the repository is a catalog of ready-to-use BECs, importable directly from their raw URL. It includes Python and JavaScript/TypeScript BECs.