
Config File

Full reference for codesentinel.json.

Place a codesentinel.json file in the root of your repository to configure scanning behaviour for both the VS Code plugin and the GitHub App. Project-level settings override account-level defaults.

Full example

```json
{
  "$schema": "https://codesentinel.dev/schema/v1.json",

  "mergePolicy": {
    "blockOn": ["critical", "high"],
    "warnOn": ["medium"]
  },

  "rules": {
    "exclude": ["CS1042", "CS2018"],
    "custom": []
  },

  "ignore": {
    "patterns": [
      "**/node_modules/**",
      "**/dist/**",
      "**/build/**",
      "**/*.generated.ts",
      "**/__tests__/**"
    ]
  },

  "languages": {
    "enabled": ["javascript", "typescript", "python"]
  },

  "notifications": {
    "slack": {
      "webhook": "${env:SLACK_WEBHOOK_URL}",
      "on": ["critical"]
    }
  }
}
```

Schema reference

mergePolicy

Controls which severity levels block or warn on pull requests. See the Merge Policies page for full documentation.

rules.exclude

An array of rule IDs to suppress globally. Use inline ignore comments to suppress individual occurrences.

ignore.patterns

Glob patterns (relative to repository root) of files and directories to skip during scanning. Supports ** globstar syntax.

languages.enabled

Restrict scanning to specific languages. By default all supported languages are scanned. Useful to exclude languages you don't maintain.

notifications.slack.webhook

Slack incoming webhook URL. Supports ${env:VAR_NAME} syntax to read from environment variables — never commit a raw webhook URL.

Validate your config

Run npx codesentinel validate in your project root to validate codesentinel.json against the JSON schema before committing.
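A pre-commit check for the webhook guidance above, as an added example that is not part of CodeSentinel: it flags a `notifications.slack.webhook` value that is not an `${env:VAR_NAME}` reference, a referenced variable that is unset, and a Slack webhook URL pasted anywhere else in the file. The function names, the finding labels and the exact placeholder grammar are assumptions made for this example.

```javascript
// Added example: audits a parsed codesentinel.json for secret-handling mistakes.
// Assumption: a placeholder is exactly ${env:NAME}, NAME = [A-Za-z_][A-Za-z0-9_]*.
const ENV_REF = /^\$\{env:([A-Za-z_][A-Za-z0-9_]*)\}$/;
const SLACK_HOOK = /^https:\/\/hooks\.slack\.com\//;
const WEBHOOK_PATH = "notifications.slack.webhook";

// Walk the config and yield every string value with its dotted JSON path.
function* stringValues(node, path = "") {
  if (typeof node === "string") {
    yield [path, node];
  } else if (node && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      yield* stringValues(value, path ? `${path}.${key}` : key);
    }
  }
}

// Returns findings as { path, issue }. Values are never echoed back, so a
// leaked URL does not also end up in CI logs.
function auditConfig(config, env = process.env) {
  const findings = [];
  const webhook = config?.notifications?.slack?.webhook;
  if (webhook !== undefined) {
    const ref = ENV_REF.exec(String(webhook));
    if (!ref) {
      findings.push({ path: WEBHOOK_PATH, issue: "not-env-reference" });
    } else if (!env[ref[1]]) {
      findings.push({ path: WEBHOOK_PATH, issue: `env-unset:${ref[1]}` });
    }
  }
  // Catch a webhook URL pasted into any other field of the file.
  for (const [path, value] of stringValues(config)) {
    if (path !== WEBHOOK_PATH && SLACK_HOOK.test(value)) {
      findings.push({ path, issue: "raw-slack-url" });
    }
  }
  return findings;
}

// Constructed samples; the URL is a placeholder, not a real webhook.
const SAMPLE_OK = { notifications: { slack: { webhook: "${env:SLACK_WEBHOOK_URL}" } } };
const SAMPLE_BAD = { notifications: { slack: { webhook: "https://hooks.slack.com/services/EXAMPLE" } } };

console.log(auditConfig(SAMPLE_OK, { SLACK_WEBHOOK_URL: "set-by-ci" }));
console.log(auditConfig(SAMPLE_BAD, {}));
```

In a hook, parse the committed file with `JSON.parse` and fail the commit when `auditConfig` returns any finding.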