The latest articles on DEV Community by László Szabó (@lezli01). https://dev.to/lezli01 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4009493%2F4950fb77-1d74-4350-a023-25ad8d659dd3.jpg https://dev.to/lezli01 en László Szabó Tue, 30 Jun 2026 11:18:40 +0000 https://dev.to/lezli01/firebase-security-rules-deserve-better-ide-support-25gm https://dev.to/lezli01/firebase-security-rules-deserve-better-ide-support-25gm <p>I have been writing Cloud Firestore Security Rules for years, and I usually edit them in the same place where I do the rest of my work: Android Studio or another JetBrains IDE.</p> <p>And every time, the same thing bothered me.</p> <p>A <code>.rules</code> file controls access to production data, but in many IDE setups it is treated almost like plain text.</p> <p>No proper structure awareness.<br> No useful formatting.<br> No diagnostics while editing.<br> No symbol support for helper functions.</p> <p>For something that decides who can read and write your data, that feels wrong.</p> <p>So I built <strong>hotrulez</strong>, a free and open-source JetBrains plugin for Firebase Security Rules.</p> <h2> What hotrulez does </h2> <p>hotrulez adds IDE support for <code>.rules</code> files inside IntelliJ-based IDEs, including Android Studio.</p> <p>It currently supports:</p> <ul> <li>syntax highlighting</li> <li>formatting</li> <li>parse error diagnostics</li> <li>structure-aware rule parsing</li> <li>helper/function symbol support</li> </ul> <p>The goal is simple: make Firebase Security Rules easier to read, write, and maintain in the IDE where many Firebase developers already work.</p> <h2> What it does not do </h2> <p>hotrulez does <strong>not</strong> evaluate authentication logic.</p> <p>It does <strong>not</strong> replace the Firebase Emulator Suite.</p> <p>It does <strong>not</strong> tell you whether your rules are secure.</p> <p>That part still belongs to proper tests, reviews, and Firebase’s own tooling.</p> <p>The plugin focuses on the editor experience: helping <code>.rules</code> files feel like real code instead of a plain text blob.</p> <h2> Why I built it </h2> <p>Security rules tend to grow slowly.</p> <p>At first, they are small enough that you can keep everything in your head. Then helper functions appear. Then nested <code>match</code> blocks grow. Then multiple collections get different access patterns. Eventually, the file becomes important enough that editing it without language support feels uncomfortable.</p> <p>I wanted a free, open-source option that made this experience better in JetBrains IDEs.</p> <p>So I built one.</p> <h2> Who it is for </h2> <p>hotrulez is probably useful if you:</p> <ul> <li>use Firebase or Cloud Firestore</li> <li>edit <code>.rules</code> files in Android Studio or IntelliJ</li> <li>maintain larger Firestore rulesets</li> <li>want basic IDE support without using a paid plugin</li> <li>prefer open-source developer tooling</li> </ul> <h2> Links </h2> <p>GitHub: <a href="https://github.com/lezli01/hotrulez" rel="noopener noreferrer">hotrulez</a><br> JetBrains Marketplace: <a href="https://plugins.jetbrains.com/plugin/32552-firebase-rules-hotrulez-" rel="noopener noreferrer">Firebase Rules</a></p> <p>Feedback, bug reports, and feature ideas are very welcome, especially from people maintaining larger Firebase Security Rules files.</p> firebase jetbrains androidstudio opensource