config.json¶
The main configuration file for Code Scalpel settings.
Location¶
Minimal Example¶
Full Example¶
{
  "project_name": "My Production App",
  "language": "python",
  "version": "1.0",
  "license": {
    "path": "/path/to/license.jwt",
    "auto_discover": true
  },
  "analysis": {
    "max_file_size_mb": 10,
    "exclude_patterns": [
      "**/__pycache__/**",
      "**/node_modules/**",
      "**/*.min.js"
    ],
    "include_patterns": [
      "src/**/*.py",
      "tests/**/*.py"
    ]
  },
  "security": {
    "taint_sources": ["request", "input", "environ"],
    "dangerous_sinks": ["execute", "system", "eval"],
    "custom_sanitizers": ["escape_html", "sanitize_sql"]
  },
  "output": {
    "format": "json",
    "verbosity": "normal",
    "include_metadata": true
  },
  "governance_profile": "default",
  "features": {
    "oracle_middleware": true,
    "fuzzy_matching": true,
    "auto_backup": true
  }
}
Configuration Options¶
Project Settings¶
| Key | Type | Default | Description |
|---|---|---|---|
| project_name | string | — | Project identifier |
| language | string | "auto" | Primary language (python, javascript, typescript, java) |
| version | string | — | Project version |
License Settings¶
| Key | Type | Default | Description |
|---|---|---|---|
| license.path | string | — | Path to license file |
| license.auto_discover | bool | true | Search for license automatically |
License discovery checks:
- CODE_SCALPEL_LICENSE_PATH environment variable
- .code-scalpel/license.jwt
- ~/.code-scalpel/license.jwt
Analysis Settings¶
| Key | Type | Default | Description |
|---|---|---|---|
| analysis.max_file_size_mb | number | 10 | Skip files larger than this |
| analysis.exclude_patterns | string[] | [] | Glob patterns to exclude |
| analysis.include_patterns | string[] | ["*/"] | Glob patterns to include |
Common exclude patterns:
{
  "analysis": {
    "exclude_patterns": [
      "**/__pycache__/**",
      "**/node_modules/**",
      "**/.git/**",
      "**/dist/**",
      "**/build/**",
      "**/*.min.js",
      "**/*.map"
    ]
  }
}
Security Settings¶
| Key | Type | Default | Description |
|---|---|---|---|
| security.taint_sources | string[] | [...] | Additional taint sources |
| security.dangerous_sinks | string[] | [...] | Additional dangerous sinks |
| security.custom_sanitizers | string[] | [] | Functions that sanitize data |

Default taint sources:
- request (Flask, Django)
- input (Python built-in)
- environ (os.environ)
- sys.argv (command line)
- read (file contents)

Default dangerous sinks:
- execute (SQL)
- system, popen (commands)
- eval, exec (code execution)
- open (file access)
- render (template rendering)
Output Settings¶
| Key | Type | Default | Description |
|---|---|---|---|
| output.format | string | "json" | Output format (json, text, markdown) |
| output.verbosity | string | "normal" | Detail level (minimal, normal, verbose) |
| output.include_metadata | bool | true | Include tier, timing info |
Governance Profile¶
| Key | Type | Default | Description |
|---|---|---|---|
| governance_profile | string | "default" | Profile name |
Profiles: permissive, minimal, default, restrictive
Feature Flags¶
| Key | Type | Default | Description |
|---|---|---|---|
| features.oracle_middleware | bool | true | Enable error recovery |
| features.fuzzy_matching | bool | true | Enable typo correction |
| features.auto_backup | bool | true | Backup before updates |
Environment Variable Overrides¶
Any setting can be overridden with environment variables:
# Override license path
export CODE_SCALPEL_LICENSE_PATH=/custom/path/license.jwt
# Override verbosity
export CODE_SCALPEL_OUTPUT_VERBOSITY=verbose
# Disable oracle middleware
export CODE_SCALPEL_FEATURES_ORACLE_MIDDLEWARE=false
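
Because environment variables take precedence, the settings a scan runs with can differ from the reviewed config.json. The following is an added example, not part of Code Scalpel: it reports which settings a given environment would override. The naming rule (CODE_SCALPEL_ plus the upper-cased key path with dots replaced by underscores) is inferred from the three exports above and is an assumption, as are the function names.

```python
import json
import os

PREFIX = "CODE_SCALPEL_"  # prefix used by the three override examples on this page

# Constructed sample: a trimmed copy of the page's full example.
SAMPLE_CONFIG = json.loads("""
{
  "license": {"path": "/path/to/license.jwt", "auto_discover": true},
  "output": {"format": "json", "verbosity": "normal"},
  "governance_profile": "default",
  "features": {"oracle_middleware": true, "auto_backup": true}
}
""")


def leaf_keys(node, path=()):
    """Yield (dotted_key, value) for every non-object setting in the config."""
    for key, value in node.items():
        if isinstance(value, dict):
            yield from leaf_keys(value, path + (key,))
        else:
            yield ".".join(path + (key,)), value


def env_name(dotted_key):
    """Assumed rule: CODE_SCALPEL_ + key path, upper-cased, dots -> underscores."""
    return PREFIX + dotted_key.replace(".", "_").upper()


def audit_overrides(config, environ=None):
    """Return (overridden, unmatched).

    overridden: {dotted_key: (env_var, file_value, env_value)} for settings whose
                derived variable is set in the environment.
    unmatched:  sorted CODE_SCALPEL_* variables that map to no key in the file
                (they may override a default the file never mentions).
    """
    environ = os.environ if environ is None else environ
    names = {env_name(key): (key, value) for key, value in leaf_keys(config)}
    overridden = {
        key: (var, file_value, environ[var])
        for var, (key, file_value) in names.items()
        if var in environ
    }
    unmatched = sorted(v for v in environ if v.startswith(PREFIX) and v not in names)
    return overridden, unmatched
```

Calling `audit_overrides(config)` with no second argument inspects the current process environment, which makes it usable as a pre-scan check in CI.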
Validation¶
Check your configuration:
Examples¶
Python Django Project¶
{
  "project_name": "Django App",
  "language": "python",
  "analysis": {
    "exclude_patterns": [
      "**/migrations/**",
      "**/static/**"
    ],
    "include_patterns": [
      "**/apps/**/*.py",
      "**/core/**/*.py"
    ]
  },
  "security": {
    "taint_sources": ["request.GET", "request.POST", "request.FILES"]
  }
}
TypeScript React Project¶
{
  "project_name": "React App",
  "language": "typescript",
  "analysis": {
    "exclude_patterns": [
      "**/node_modules/**",
      "**/build/**",
      "**/*.test.tsx"
    ],
    "include_patterns": [
      "src/**/*.tsx",
      "src/**/*.ts"
    ]
  }
}
Monorepo¶
{
  "project_name": "Monorepo",
  "language": "auto",
  "analysis": {
    "include_patterns": [
      "packages/api/src/**/*.py",
      "packages/web/src/**/*.ts",
      "packages/shared/src/**/*"
    ]
  }
}
Next Steps¶
- governance.yaml - Set up governance