.cartomancer.toml
# Cartomancer configuration
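# Keep secrets out of this committed file: copy it to .cartomancer.local.toml (gitignored) and set them there.
# Confirm .cartomancer.local.toml is actually listed in .gitignore before adding secrets.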
# Scanner settings for the opengrep stage.
[opengrep]
# NOTE(review): "auto" does not name a pinned rule set - confirm what it resolves to and
# whether rules are fetched from a remote source at scan time.
rules = ["auto"]
# Flat timeout in seconds; dynamic_timeout below switches to file-size-scaled timeouts.
timeout_seconds = 120
# Excluded paths are presumably not scanned, so nothing in them is reported. The sample list
# includes config/database.yml, a file that often holds credentials - review each exclusion
# before enabling it.
# exclude = [".github/", "config/database.yml", "etc/absences/"]
# jobs = 4 # optional, defaults to opengrep auto-detection (~num CPUs)
# taint_intrafile = false # cross-function taint analysis within files
# An inline ignore annotation suppresses findings from inside the scanned code itself; treat
# new occurrences of the marker as something to check in code review.
# ignore_pattern = "nosec" # custom inline ignore annotation
# enclosing_context = false # add surrounding function/class to findings (improves LLM deepening)
# dynamic_timeout = false # file-size-scaled timeouts instead of flat timeout_seconds
# dynamic_timeout_unit_kb = 10 # base timeout unit in KB (only when dynamic_timeout = true)
# dynamic_timeout_max_multiplier = 5.0 # max multiplier (only when dynamic_timeout = true)
# NOTE(review): custom rules are discovered from inside the repository; when scanning untrusted
# changes, confirm the rules come from a trusted revision rather than the change under review.
# rules_dir = ".cartomancer/rules" # auto-discover custom YAML rules (default)
# Context supplied to the LLM deepening step.
[knowledge]
# NOTE(review): the knowledge file and system_prompt are described as LLM context, so their
# content presumably reaches whichever provider [llm] selects - keep credentials, internal
# hostnames and customer data out of them.
# knowledge_file = ".cartomancer/knowledge.md" # company context for LLM deepening (default)
# system_prompt = "You are reviewing a fintech codebase. Prioritize payment flow findings."
# max_knowledge_chars = 8000 # truncation limit for knowledge file (default)
# Per-rule severity overrides (uncomment and customize):
# The rule id is a quoted key because it contains dots; unquoted, each dot would start a
# nested table.
# [knowledge.rules."generic.security.hardcoded-secret"]
# min_severity = "critical"
# always_deepen = true
#
# [knowledge.rules."company.no-unwrap-in-production"]
# min_severity = "warning"
# always_deepen = true
# LLM backend used for deepening findings.
[llm]
provider = "ollama"
# Plain HTTP is acceptable while this stays on loopback. NOTE(review): if the URL is changed
# to another host, requests (presumably findings plus surrounding code) would cross the
# network unencrypted - use HTTPS or a tunnel in that case.
ollama_base_url = "http://localhost:11434"
ollama_model = "gemma4"
# Never commit a real key here; use the ANTHROPIC_API_KEY environment variable or the
# gitignored .cartomancer.local.toml.
# anthropic_api_key = "sk-ant-..." # prefer ANTHROPIC_API_KEY env var
# NOTE(review): presumably only read when provider = "anthropic" - confirm. Switching to a
# hosted provider means code context leaves the machine; check that this is permitted for
# the repositories being scanned.
anthropic_model = "claude-sonnet-4-20250514"
max_tokens = 4096
# max_concurrent_deepening = 4 # concurrent LLM requests (default: 4)
# Local database location.
[storage]
# NOTE(review): what is stored is not shown here; if it holds findings or code excerpts,
# keep the file out of version control and restrict who can read it.
# db_path = ".cartomancer.db" # default, relative to working directory
# Thresholds that decide how findings are escalated.
[severity]
# NOTE(review): the unit and direction of this threshold are not documented here - confirm
# against the tool's documentation before tuning it.
blast_radius_threshold = 5
# NOTE(review): presumably the minimum severity sent for LLM deepening; findings below it
# would then get no LLM review unless a rule sets always_deepen - confirm.
llm_deepening_threshold = "error"
# impact_depth = 3
# cartog_db_path = ".cartog.db" # path to cartog database, relative to scanned directory
# GitHub integration. Keep both values out of this committed file.
# [github]
# Grant the token only the permissions the review workflow needs.
# token = "" # prefer GITHUB_TOKEN env var
# Use a long random value shared only with the webhook configuration. The empty string is a
# placeholder. NOTE(review): confirm `cartomancer serve` refuses to start with an empty secret.
# webhook_secret = "" # required for `cartomancer serve` (HMAC-SHA256 validation)
# Limits for the webhook server started by `cartomancer serve`.
# [serve]
# Caps how many PR reviews run at once, which bounds the work a burst of webhook deliveries
# can trigger.
# max_concurrent_reviews = 4 # semaphore-bounded concurrent PR reviews