Overview

Package config provides loading and management of CodexSentinel configuration.

Package config provides configuration loading and default merging for CodexSentinel.

Package config defines the configuration schema for CodexSentinel.


Constants

const DefaultConfigFilename = ".codex.yml"

DefaultConfigFilename is the expected name of the configuration file.

Variables

// DefaultConfig holds the default configuration used when no .codex.yml is provided.
//
// The slice and map fields (ExcludedPaths, Enabled, Disabled, Severity,
// RulePaths, RuleFiles, AllowLicenses, DenyLicenses, Formats) are shared by
// every copy of this value: a Config obtained by copying DefaultConfig
// aliases the same backing storage. Append to or modify a clone, never the
// package-level default, or the change leaks into every later caller.
var DefaultConfig = Config{
	Scan: ScanConfig{
		IncludeTests:     false,
		IncludeVendor:    false,
		IncludeGenerated: false,
		// Fixtures, vendored dependencies and helper scripts are skipped by
		// default. Anything listed here is invisible to every check, so keep
		// the list short and reviewed.
		ExcludedPaths: []string{"testdata/", "vendor/", "scripts/"},
		// 512 KiB; files above this size are presumably skipped by the scanner.
		MaxFileSizeBytes:    512 << 10,
		SupportedExtensions: []string{".go"},
	},
	Rules: RuleConfig{
		// "*" enables every rule. Disabled and Severity are initialised empty
		// rather than left nil; keep it that way, since encoders may
		// distinguish an empty collection from a missing one.
		Enabled:   []string{"*"},
		Disabled:  []string{},
		Severity:  map[string]string{},
		RulePaths: []string{"rules/"},
		RuleFiles: []string{"rules/security.yml", "rules/conventions.yml"},
		FalsePositiveConfig: FalsePositiveConfig{
			EnableContextAnalysis:  true,
			EnableValidationChecks: true,
			EnableSafePatterns:     true,
			MinConfidence:          0.7,
			MaxFalsePositiveRate:   0.05,
		},
	},
	Report: ReportConfig{
		Formats:       []string{"json"},
		OutputPath:    "report/", // relative; presumably resolved against the working directory
		IncludeIssues: true,
	},
	Dependencies: DependencyConfig{
		CheckVulnerabilities: true,
		CheckLicenses:        true,
		// A license that appears in neither list is handled by the audit
		// code, not decided here.
		AllowLicenses: []string{"MIT", "Apache-2.0", "BSD-3-Clause"},
		DenyLicenses:  []string{"AGPL-3.0", "GPL-3.0", "BSL-1.1"},
	},
	Metrics: MetricsConfig{
		Enable:            true,
		MaxFunctionLOC:    80,
		MaxFileLOC:        500,
		MaxCyclomatic:     10,
		EnableDuplication: true,
	},
	Architecture: ArchConfig{
		Enable:            true,
		CheckImportCycles: true,
		CheckLayering:     true,
		CheckGodStructs:   true,
	},
	WebChecks: WebCheckConfig{
		EnableCORSCheck:     true,
		EnableCSRFCheck:     true,
		EnableHeaderChecks:  true,
		EnableAuthChecks:    true,
		EnableInputValidate: true,
	},
	FalsePositiveManagement: FalsePositiveManagementConfig{
		// Off by default so low-confidence findings are not hidden
		// automatically; enable deliberately and review what gets suppressed.
		EnableAutoSuppression:      false,
		EnableConfidenceScoring:    true,
		EnableContextAwareAnalysis: true,
		EnableSafePatternDetection: true,
		EnableValidationTracking:   true,
		// Note the threshold here (0.8) differs from Rules.FalsePositiveConfig.MinConfidence (0.7).
		ConfidenceThreshold: 0.8,
		MaxSuppressionRate:  0.1,
	},
}

DefaultConfig holds the default configuration used when no .codex.yml is provided.

Functions

This section is empty.

Types

type ArchConfig

// ArchConfig defines architecture and structural enforcement.
//
// Every check is a plain on/off switch; there are no tunable thresholds in
// this section (for example, what counts as a "god struct" is fixed by the
// analyzer, not by configuration).
type ArchConfig struct {
	Enable            bool `yaml:"enable"`              // Enable architecture analysis
	CheckImportCycles bool `yaml:"check_import_cycles"` // Detect circular dependencies
	CheckLayering     bool `yaml:"check_layering"`      // Detect direct cross-layer calls
	CheckGodStructs   bool `yaml:"check_god_structs"`   // Detect structs with too many responsibilities
}

ArchConfig defines architecture and structural enforcement.

type Config

// Config represents the full configuration for CodexSentinel.
//
// It is the document shape of .codex.yml (see DefaultConfigFilename); each
// field maps to one top-level YAML key. Load and LoadDefaultPath are
// documented to fall back to DefaultConfig when the file is missing or
// invalid, so callers that require an explicit file should check the returned
// error rather than the config value alone.
//
// NOTE(review): Rules.FalsePositiveConfig and FalsePositiveManagement carry
// overlapping settings (context analysis, safe patterns, validation tracking,
// a confidence threshold) with different defaults; which one a given analyzer
// consults is not visible here — confirm before relying on either.
type Config struct {
	Scan                    ScanConfig                    `yaml:"scan"`
	Rules                   RuleConfig                    `yaml:"rules"`
	Report                  ReportConfig                  `yaml:"report"`
	Dependencies            DependencyConfig              `yaml:"dependencies"`
	Metrics                 MetricsConfig                 `yaml:"metrics"`
	Architecture            ArchConfig                    `yaml:"architecture"`
	WebChecks               WebCheckConfig                `yaml:"web_checks"`
	FalsePositiveManagement FalsePositiveManagementConfig `yaml:"false_positive_management"`
}

Config represents the full configuration for CodexSentinel.

func Load

func Load(path string) (Config, error)

Load loads the CodexSentinel configuration from the given file. If the file is not found or is invalid, the default configuration is returned, possibly with a warning.

func LoadDefaultPath

func LoadDefaultPath() (Config, error)

LoadDefaultPath loads configuration from the default file name (.codex.yml).

func LoadDefaultPathPtr added in v0.2.1

func LoadDefaultPathPtr() (*Config, error)

LoadDefaultPathPtr loads configuration from the default file name and returns a pointer.

func LoadFromPath added in v0.2.1

func LoadFromPath(path string) (*Config, error)

LoadFromPath loads configuration from a specific file path and returns a pointer.

type DependencyConfig

// DependencyConfig defines settings for dependency audit.
//
// AllowLicenses and DenyLicenses are the audit's allow and deny lists
// (DefaultConfig allows MIT, Apache-2.0 and BSD-3-Clause and denies AGPL-3.0,
// GPL-3.0 and BSL-1.1). How a license that appears in neither list, or in
// both, is treated is decided by the audit code, not here — TODO confirm
// before depending on it.
type DependencyConfig struct {
	CheckVulnerabilities bool     `yaml:"check_vulnerabilities"` // Enable CVE audit
	CheckLicenses        bool     `yaml:"check_licenses"`        // Enable license scan
	AllowLicenses        []string `yaml:"allow_licenses"`        // Allowlisted licenses
	DenyLicenses         []string `yaml:"deny_licenses"`         // Denylisted licenses
}

DependencyConfig defines settings for dependency audit.

type FalsePositiveConfig added in v1.6.0

// FalsePositiveConfig defines false positive management settings for rule
// evaluation; it is nested under RuleConfig.FalsePositiveConfig.
//
// DefaultConfig sets MinConfidence to 0.7 and MaxFalsePositiveRate to 0.05.
// Both are presumably fractions in [0, 1] — confirm in the analyzer that
// reads them. Raising MinConfidence hides more findings, so treat changes to
// it as a security-relevant decision.
type FalsePositiveConfig struct {
	EnableContextAnalysis  bool    `yaml:"enable_context_analysis"`  // Enable context-aware analysis
	EnableValidationChecks bool    `yaml:"enable_validation_checks"` // Check for validation functions
	EnableSafePatterns     bool    `yaml:"enable_safe_patterns"`     // Enable safe pattern detection
	MinConfidence          float64 `yaml:"min_confidence"`           // Minimum confidence threshold
	MaxFalsePositiveRate   float64 `yaml:"max_false_positive_rate"`  // Maximum acceptable false positive rate
}

FalsePositiveConfig defines false positive management settings.

type FalsePositiveManagementConfig added in v1.6.0

// FalsePositiveManagementConfig defines advanced false positive management at
// the top level of Config.
//
// EnableAutoSuppression is false in DefaultConfig, so nothing is suppressed
// unless it is switched on deliberately. When enabled, findings are
// presumably dropped based on ConfidenceThreshold (0.8 by default) and
// bounded by MaxSuppressionRate (0.1 by default) — confirm the exact rule in
// the code that applies it, and review the suppressed set rather than
// trusting it blindly.
type FalsePositiveManagementConfig struct {
	EnableAutoSuppression      bool    `yaml:"enable_auto_suppression"`       // Automatically suppress low-confidence findings
	EnableConfidenceScoring    bool    `yaml:"enable_confidence_scoring"`     // Enable confidence scoring for findings
	EnableContextAwareAnalysis bool    `yaml:"enable_context_aware_analysis"` // Enable context-aware analysis
	EnableSafePatternDetection bool    `yaml:"enable_safe_pattern_detection"` // Detect safe patterns to reduce false positives
	EnableValidationTracking   bool    `yaml:"enable_validation_tracking"`    // Track validation functions
	ConfidenceThreshold        float64 `yaml:"confidence_threshold"`          // Confidence threshold for reporting
	MaxSuppressionRate         float64 `yaml:"max_suppression_rate"`          // Maximum rate of suppressed findings
}

FalsePositiveManagementConfig defines advanced false positive management.

type MetricsConfig

// MetricsConfig defines static code metric thresholds.
//
// DefaultConfig uses 80 lines per function, 500 lines per file and a
// cyclomatic complexity of 10. Whether a value of 0 disables a threshold or
// flags everything is decided by the metrics analyzer — TODO confirm.
type MetricsConfig struct {
	Enable            bool `yaml:"enable"`             // Enable code metrics
	MaxFunctionLOC    int  `yaml:"max_function_loc"`   // Max lines of code per function
	MaxFileLOC        int  `yaml:"max_file_loc"`       // Max lines of code per file
	MaxCyclomatic     int  `yaml:"max_cyclomatic"`     // Max cyclomatic complexity
	EnableDuplication bool `yaml:"enable_duplication"` // Enable detection of duplicated code
}

MetricsConfig defines static code metric thresholds.

type ReportConfig

// ReportConfig defines output formats and report generation settings.
//
// OutputPath is taken from the configuration file and used as a write
// location; DefaultConfig sets it to the relative path "report/", which is
// presumably resolved against the working directory — confirm in the report
// writer. Findings may contain source excerpts, so treat the output directory
// with the same care as the scanned code.
type ReportConfig struct {
	Formats       []string `yaml:"formats"`        // List of output formats: json, sarif, html, markdown
	OutputPath    string   `yaml:"output_path"`    // Directory to write report files
	IncludeIssues bool     `yaml:"include_issues"` // Include individual issues in report
}

ReportConfig defines output formats and report generation settings.

type RuleConfig

// RuleConfig defines rule loading and filtering behavior.
//
// Rules are read from the directories in RulePaths and the files in RuleFiles
// (DefaultConfig: "rules/", "rules/security.yml" and "rules/conventions.yml").
// Those files decide what the scanner reports, so keep them under version
// control next to the code they govern and review changes to them like code.
// How Enabled ("*" for all) and Disabled interact when a rule ID is in both,
// and whether Severity keys must match existing rule IDs, is decided by the
// rule loader — TODO confirm.
type RuleConfig struct {
	Enabled             []string            `yaml:"enabled"`               // List of enabled rule IDs or "*" for all
	Disabled            []string            `yaml:"disabled"`              // List of disabled rule IDs
	Severity            map[string]string   `yaml:"severity"`              // Override severity for specific rules
	RulePaths           []string            `yaml:"rule_paths"`            // Directories where YAML rules are stored
	RuleFiles           []string            `yaml:"rule_files"`            // Specific YAML rule files to load
	FalsePositiveConfig FalsePositiveConfig `yaml:"false_positive_config"` // False positive management settings
}

RuleConfig defines rule loading and filtering behavior.

type ScanConfig

// ScanConfig defines parameters for scanning source code.
//
// DefaultConfig excludes testdata/, vendor/ and scripts/, scans only .go
// files, and sets MaxFileSizeBytes to 512 KiB (files above it are presumably
// skipped — confirm in the scanner). Anything in ExcludedPaths is invisible
// to every check, so keep the list short and reviewed. IncludeVendor and the
// "vendor/" entry in ExcludedPaths both concern vendored code; which one wins
// when they disagree is decided by the scanner, not here.
type ScanConfig struct {
	IncludeTests        bool     `yaml:"include_tests"`        // Include *_test.go files
	IncludeVendor       bool     `yaml:"include_vendor"`       // Include vendor directory
	IncludeGenerated    bool     `yaml:"include_generated"`    // Include generated files
	ExcludedPaths       []string `yaml:"excluded_paths"`       // Paths to exclude from scanning
	MaxFileSizeBytes    int      `yaml:"max_file_size_bytes"`  // Max size of files to scan
	SupportedExtensions []string `yaml:"supported_extensions"` // File extensions to scan
}

ScanConfig defines parameters for scanning source code.

type WebCheckConfig

// WebCheckConfig defines security-related web analysis settings.
//
// All five checks are enabled in DefaultConfig. Each is a plain switch; the
// patterns each check looks for (which headers, which auth helpers) are fixed
// by the analyzer and not configurable here.
type WebCheckConfig struct {
	EnableCORSCheck     bool `yaml:"enable_cors_check"`     // Check for open CORS
	EnableCSRFCheck     bool `yaml:"enable_csrf_check"`     // Check for CSRF protection
	EnableHeaderChecks  bool `yaml:"enable_header_checks"`  // Check for missing security headers
	EnableAuthChecks    bool `yaml:"enable_auth_checks"`    // Check for auth validations in handlers
	EnableInputValidate bool `yaml:"enable_input_validate"` // Check for unvalidated inputs
}

WebCheckConfig defines security-related web analysis settings.
