project-specific-rules/config.example.yaml at main · diffray/project-specific-rules · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# DiffRay Configuration Example
# Copy this file to .diffray/config.yaml in your project root

version: 1

# Global file filters
# These patterns are applied BEFORE rule matching
filters:
  # Use default exclusions (lock files, binaries, generated code, etc.)
  # Set to false to disable all default exclusions
  useDefaults: true

  # Additional patterns to exclude from review
  # Use glob patterns - these files will never be reviewed
  exclude:
    - '**/*.generated.ts'
    - '**/auto-generated/**'
    - '**/*.fixture.json'
    - 'legacy/**'
    - 'vendor/**'

  # Patterns to re-include (override default exclusions)
  # Use this to review files that would normally be excluded
  include:
    - 'package.json'
    - 'tsconfig.json'
    - '.eslintrc.json'

# Review settings
review:
  # Maximum files to review per PR (0 = no limit)
  maxFiles: 150

  # AI model for reviews (overrides REVIEW_MODEL env var)
  # Options: opus (most capable), sonnet (balanced), haiku (fastest)
  model: sonnet

  # Minimum confidence threshold (0-100)
  # Only issues with confidence >= this value will be reported
  # Default: 60
  minConfidence: 60

  # Minimum importance threshold (0-10)
  # Only issues with importance >= this value will be reported
  # Default: 1
  minImportance: 1

# Rules settings
rules:
  # Run ONLY these rules by ID (all others are ignored)
  # Useful for focused reviews on specific checks
  # only:
  #   - sec_sql_injection
  #   - sec_xss_dangerously_set_html

  # Exclude specific rules by ID
  exclude:
    - doc_missing_jsdoc
    - doc_readme_required

  # Tag-based filtering
  # Available tags: security, performance, bugs, error-handling, maintainability,
  # readability, style-conventions, type-safety, architecture, testing, documentation,
  # typescript, javascript, python, go, java, react, nextjs, vue, angular, docker, etc.
  tags:
    # Run ONLY rules with these tags (all others are ignored)
    # only:
    #   - security
    #   - performance

    # Exclude rules with these tags
    exclude:
      - documentation
      - style-conventions

  # Agent-based filtering
  # Available agents: security, performance, bugs, architecture, quality,
  # consistency, testing, documentation, general
  agents:
    # Run ONLY rules processed by these agents
    # only:
    #   - security
    #   - bugs

    # Exclude rules processed by these agents
    # exclude:
    #   - documentation
    #   - consistency

# ─────────────────────────────────────────────────────────────────────────────
# Example configurations for different use cases:
# ─────────────────────────────────────────────────────────────────────────────

# Security-only review (only security agent):
# rules:
#   agents:
#     only:
#       - security

# Quick review (exclude slow agents):
# review:
#   model: haiku
# rules:
#   agents:
#     exclude:
#       - documentation
#       - architecture

# Security + bugs only:
# rules:
#   agents:
#     only:
#       - security
#       - bugs

# TypeScript project (by tags):
# rules:
#   tags:
#     only:
#       - typescript
#       - security
#       - bugs

# React/Next.js project:
# rules:
#   tags:
#     only:
#       - react
#       - nextjs
#       - security
#       - performance

# Compliance review:
# rules:
#   tags:
#     only:
#       - compliance-gdpr
#       - compliance-soc2
#       - compliance-pci-dss
#       - security
#       - privacy