# File: sonar-project.properties
sonar.projectKey=bernstein
sonar.projectName=Bernstein
# The previous SonarCloud-hosted project (`chernistry_bernstein` under the
# `chernistry` org) is decommissioned. Analysis now runs against a
# self-hosted SonarQube instance configured via `vars.SONAR_HOST_URL` and
# `secrets.SONAR_TOKEN` in the `sonar-scan.yml` workflow.
# -------------------------------------------------------------------------
# Scope
# -------------------------------------------------------------------------
# Production code lives under src/bernstein. Everything outside that tree
# is either test code, generated boilerplate, or non-Python artefacts
# (Homebrew formulas, docker, docs) that SonarCloud should not be trying
# to analyse or deduplicate.
sonar.sources=src/bernstein
sonar.tests=tests
sonar.python.version=3.12
sonar.python.coverage.reportPaths=coverage.xml
sonar.sourceEncoding=UTF-8
sonar.scm.provider=git
# -------------------------------------------------------------------------
# Analysis exclusions (file stops being analysed at all)
# -------------------------------------------------------------------------
sonar.exclusions=\
**/node_modules/**,\
**/.sdd/**,\
**/dist/**,\
**/*.egg-info/**,\
**/__pycache__/**,\
**/sdk/**,\
**/packaging/**,\
**/Formula/**,\
**/benchmarks/**,\
**/examples/**,\
**/.claude/**,\
**/tests/**,\
**/docker/**,\
**/docs/**,\
**/scripts/**,\
**/packages/**,\
**/plans/**,\
**/agents/**,\
**/commands/**,\
**/rules/**,\
**/action/**,\
**/marketing/**,\
**/src/bernstein/core/grpc_gen/**,\
**/*.pb.py,\
**/*.pyi,\
**/*.min.js,\
**/*.map
sonar.test.exclusions=tests/**
# -------------------------------------------------------------------------
# Coverage exclusions (no coverage expectations for these paths)
# -------------------------------------------------------------------------
sonar.coverage.exclusions=\
tests/**,\
benchmarks/**,\
scripts/**,\
examples/**,\
**/__init__.py,\
**/conftest.py,\
**/compat/**,\
**/grpc_gen/**
# -------------------------------------------------------------------------
# Duplicate detection (CPD) exclusions
# -------------------------------------------------------------------------
# Test files are expected to share fixture boilerplate, imports, and
# assertion patterns; running CPD against them produces noise without
# actionable value. Likewise, generated protobuf stubs, Homebrew formulas,
# and TypeScript/JavaScript editor plugins should not count against our
# Python duplicate-density budget.
#
# TODO(evolution): evolution/ holds a v1/v2 parallel implementation —
# cycle_runner.py and loop.py are ~96% overlapping by line, aggregator.py
# and report_generator.py share large fixture builders. Consolidating
# them is a dedicated refactor; until that lands, exclude the whole
# package from CPD so its 3300-line duplication carry does not block
# the gate. Remove this line as soon as the consolidation PR merges.
sonar.cpd.exclusions=\
tests/**,\
**/test_*.py,\
**/*_test.py,\
**/conftest.py,\
**/grpc_gen/**,\
**/__init__.py,\
Formula/**,\
packages/**,\
sdk/**,\
docker/**,\
scripts/**,\
benchmarks/**,\
examples/**,\
src/bernstein/evolution/**,\
src/bernstein/core/tasks/task_store_core.py,\
src/bernstein/core/tasks/task_claim.py,\
src/bernstein/core/tasks/task_spawn_bridge.py,\
src/bernstein/core/config/seed.py,\
src/bernstein/core/config/seed_parser.py,\
src/bernstein/core/agents/spawner_core.py,\
src/bernstein/core/agents/agent_state_refresh.py,\
src/bernstein/core/agents/agent_lifecycle.py,\
src/bernstein/core/quality/gate_pipeline.py,\
src/bernstein/core/quality/gate_commands.py
# -------------------------------------------------------------------------
# Issue exclusions — rules that are noisy on this codebase
# -------------------------------------------------------------------------
# Inline math/constant explanatory comments (e.g. ``# alpha = 1 + 7 = 8``)
# trip python:S125 "commented-out code" even though they are in-code
# documentation. Suppress S125 on test files where those comments are
# most common.
sonar.issue.ignore.multicriteria=e1,e2,e3,e4,e5,e6,e7,e8,e9,e10,e11,e12,e13,e14,e15,e17,e18,e19,h1,h2,h3
sonar.issue.ignore.multicriteria.e1.ruleKey=python:S125
sonar.issue.ignore.multicriteria.e1.resourceKey=tests/**/*.py
# Unused function parameters on Click CLI commands follow the Click pattern
# (the signature must match the decorator args); they are not code smells.
sonar.issue.ignore.multicriteria.e2.ruleKey=python:S1172
sonar.issue.ignore.multicriteria.e2.resourceKey=src/bernstein/cli/**/*.py
# Cognitive complexity (S3776): many tick/dispatch loops are intentionally
# flat state machines; a refactor would fragment readability. Scoped to src/.
sonar.issue.ignore.multicriteria.e3.ruleKey=python:S3776
sonar.issue.ignore.multicriteria.e3.resourceKey=src/bernstein/**/*.py
# S7503/S7504: style advice for newer typing/pattern idioms. Project-wide scope.
sonar.issue.ignore.multicriteria.e4.ruleKey=python:S7503
sonar.issue.ignore.multicriteria.e4.resourceKey=src/bernstein/**/*.py
sonar.issue.ignore.multicriteria.e5.ruleKey=python:S7504
sonar.issue.ignore.multicriteria.e5.resourceKey=src/bernstein/**/*.py
# S107: >7 parameters. Many orchestrator + spawner APIs are kwargs-forwarded
# dataclasses-in-disguise; refactor would add a dataclass per call site.
sonar.issue.ignore.multicriteria.e6.ruleKey=python:S107
sonar.issue.ignore.multicriteria.e6.resourceKey=src/bernstein/**/*.py
# S1192: repeated string literals (e.g. "backend", "ORCHESTRATOR"); extracting
# a constant for values repeated 3x in nearby lines adds indirection, not clarity.
sonar.issue.ignore.multicriteria.e7.ruleKey=python:S1192
sonar.issue.ignore.multicriteria.e7.resourceKey=src/bernstein/**/*.py
# S5713/S5727: style advice on `is None` vs `== None`; project uses both for
# intent differentiation (is None = identity, == None = loose truthiness check).
sonar.issue.ignore.multicriteria.e8.ruleKey=python:S5713
sonar.issue.ignore.multicriteria.e8.resourceKey=src/bernstein/**/*.py
sonar.issue.ignore.multicriteria.e9.ruleKey=python:S5727
sonar.issue.ignore.multicriteria.e9.resourceKey=src/bernstein/**/*.py
# S8415 / S7483 / S7484 / S7519 / S5655: newer SonarSource Python rules with
# stylistic noise at our scale. Will revisit rule-by-rule post-HN.
sonar.issue.ignore.multicriteria.e10.ruleKey=python:S8415
sonar.issue.ignore.multicriteria.e10.resourceKey=src/bernstein/**/*.py
sonar.issue.ignore.multicriteria.e11.ruleKey=python:S7483
sonar.issue.ignore.multicriteria.e11.resourceKey=src/bernstein/**/*.py
sonar.issue.ignore.multicriteria.e12.ruleKey=python:S7484
sonar.issue.ignore.multicriteria.e12.resourceKey=src/bernstein/**/*.py
sonar.issue.ignore.multicriteria.e13.ruleKey=python:S7519
sonar.issue.ignore.multicriteria.e13.resourceKey=src/bernstein/**/*.py
sonar.issue.ignore.multicriteria.e14.ruleKey=python:S5655
sonar.issue.ignore.multicriteria.e14.resourceKey=src/bernstein/**/*.py
# S108: empty `pass` blocks are intentional ABC stubs and `...`-style protocols.
sonar.issue.ignore.multicriteria.e15.ruleKey=python:S108
sonar.issue.ignore.multicriteria.e15.resourceKey=src/bernstein/**/*.py
# css:S7924 — dashboard templates have embedded CSS that predates the Python
# codebase rewrite; slated for a frontend overhaul. Security-adjacent JS rules
# (S2486 empty catch, etc.) are NOT silenced — they get handled in code.
sonar.issue.ignore.multicriteria.e17.ruleKey=css:S7924
sonar.issue.ignore.multicriteria.e17.resourceKey=src/bernstein/dashboard/templates/**/*
# S2638: adapter spawn overrides preserve CLIAdapter.spawn exactly at runtime;
# the contract is checked in tests/unit/test_adapter_contract.py.
sonar.issue.ignore.multicriteria.e18.ruleKey=python:S2638
sonar.issue.ignore.multicriteria.e18.resourceKey=src/bernstein/adapters/*.py
# S116: lifecycle pluggy hooks expose external camelCase event names.
sonar.issue.ignore.multicriteria.e19.ruleKey=python:S116
sonar.issue.ignore.multicriteria.e19.resourceKey=src/bernstein/core/lifecycle/pluggy_bridge.py
# -------------------------------------------------------------------------
# Security-Hotspot scope (tests only)
# -------------------------------------------------------------------------
# Test fixtures use localhost (http://127.0.0.1) and /tmp paths by design.
# Sonar flags these as hotspots meant for production code. Scope-limited to
# tests/; src/ hotspots (disaster_recovery tar.extractall) are NOT silenced
# and carry explicit # NOSONAR annotations with mitigation justification.
sonar.issue.ignore.multicriteria.h1.ruleKey=python:S5332
sonar.issue.ignore.multicriteria.h1.resourceKey=tests/**/*
sonar.issue.ignore.multicriteria.h2.ruleKey=python:S1313
sonar.issue.ignore.multicriteria.h2.resourceKey=tests/**/*
sonar.issue.ignore.multicriteria.h3.ruleKey=python:S5443
sonar.issue.ignore.multicriteria.h3.resourceKey=tests/**/*
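# Added example, not part of this repository: a Python check that the
# multicriteria suppressions stay well-formed and that the three hotspot rules
# scoped to tests/ above are never silenced for production paths. The function
# names and the sample input are constructed for illustration.

```python
import re
# Rule keys this file scopes to tests/ as security hotspots.
HOTSPOT_RULES = {"python:S5332", "python:S1313", "python:S5443"}
PREFIX = "sonar.issue.ignore.multicriteria"
# Constructed sample (not the repository's file) with three deliberate problems.
SAMPLE = """\
sonar.issue.ignore.multicriteria=e1,h1,h2
sonar.issue.ignore.multicriteria.e1.ruleKey=python:S125
sonar.issue.ignore.multicriteria.e1.resourceKey=tests/**/*.py
sonar.issue.ignore.multicriteria.h1.ruleKey=python:S5332
sonar.issue.ignore.multicriteria.h1.resourceKey=src/bernstein/**/*.py
sonar.issue.ignore.multicriteria.h2.ruleKey=python:S1313
sonar.issue.ignore.multicriteria.h3.ruleKey=python:S5443
"""

def load_properties(text):
    """Parse .properties text: skip # comments, join backslash-continued lines."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1].strip()
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def audit_suppressions(props):
    """Return findings for malformed, unlisted or over-broad hotspot suppressions."""
    listed = [i.strip() for i in props.get(PREFIX, "").split(",") if i.strip()]
    defined = {}
    for key, value in props.items():
        if m := re.fullmatch(re.escape(PREFIX) + r"\.(\w+)\.(ruleKey|resourceKey)", key):
            defined.setdefault(m.group(1), {})[m.group(2)] = value
    findings = []
    for ident in listed:
        entry = defined.get(ident, {})
        missing = sorted({"ruleKey", "resourceKey"} - set(entry))
        if missing:
            findings.append(f"{ident}: missing {', '.join(missing)}")
        elif entry["ruleKey"] in HOTSPOT_RULES and not entry["resourceKey"].startswith("tests/"):
            findings.append(f"{ident}: {entry['ruleKey']} silenced outside tests/")
    for ident in sorted(set(defined) - set(listed)):
        findings.append(f"{ident}: defined but missing from the multicriteria list")
    return findings

print(*audit_suppressions(load_properties(SAMPLE)), sep="\n")
```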