# .brooks-lint.yaml — project configuration for brooks-lint
|
|
#
|
|
# Copy this file to your project root and rename it to .brooks-lint.yaml
|
|
# All settings are optional. Omit any section to use the default.
|
|
#
|
|
# Full documentation: https://github.com/hyhmrright/brooks-lint
|
|
|
|
version: 1
|
|
|
|
# disable: skip these risks entirely (omitted from report and Health Score)
|
|
# Valid codes: R1 R2 R3 R4 R5 R6 (code decay) and T1 T2 T3 T4 T5 T6 (test decay)
|
|
#
|
|
# disable:
|
|
# - T5 # Coverage Illusion — we don't enforce coverage metrics
|
|
# - R4 # Accidental Complexity — intentionally verbose patterns in this domain
|
|
|
|
# severity: override the severity tier for a specific risk
# Valid values: critical | warning | suggestion
#
# severity:
#   R1: suggestion # downgrade Cognitive Overload to suggestion
#   R2: critical # promote Change Propagation to critical
|
|
|
|
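# ignore: glob patterns — files matching these are excluded from analysis
# Ignored files are presumably skipped for every risk, including custom_risks,
# so keep patterns narrow: a broad entry such as "**/vendor/**" also removes
# vendored code from any security-oriented custom risk.
#
# ignore:
#   - "**/*.generated.*"
#   - "**/vendor/**"
#   - "**/migrations/**"
#   - "**/__snapshots__/**"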
|
|
|
|
# focus: only evaluate these risks (non-empty list; cannot combine with disable)
|
|
# Omit this key entirely to evaluate all non-disabled risks.
|
|
#
|
|
# focus:
|
|
# - R2
|
|
# - R5
|
|
|
|
# suppress: findings dismissed during triage — auto-generated by triage mode, can be hand-edited
# Each entry suppresses a finding that matches both risk code and file path pattern.
# reason is required. expires (optional) is a date after which the suppression lapses.
# date appears in the examples below but is not described here; it is presumably
# the day the entry was recorded — confirm in the documentation.
# An entry without expires presumably stays in effect until it is removed by hand,
# so set expires on any suppression that defers a real fix, and keep pattern as
# narrow as the finding allows.
#
# suppress:
#   - risk: R1
#     pattern: "utils/legacy-parser.js"
#     reason: "Accepted complexity — rewrite planned for Q3"
#     date: "2026-04-16"
#   - risk: T5
#     pattern: "**/__tests__/integration/**"
#     reason: "Integration tests intentionally skip coverage checks"
#     date: "2026-04-16"
#     expires: "2026-07-16"
|
|
|
|
# custom_risks: define project-specific decay risks with Cx codes (C1, C2, ...)
# Cx codes become valid targets for disable, focus, and severity fields above.
# Because of that, an edit to this file can disable or downgrade a security risk
# such as C1 below; review changes to it the same way as code changes.
# A custom risk is defined only by the question and symptom text shown here, so
# treat C1 as a review prompt rather than a replacement for dedicated secret
# scanning or dependency auditing.
#
# custom_risks:
#   C1:
#     name: Security Debt
#     question: "Are there known security vulnerabilities being deferred?"
#     symptoms:
#       - "Hardcoded credentials or API keys"
#       - "Missing input validation on user-facing endpoints"
#       - "Dependencies with known CVEs not updated"
#     severity:
#       critical: "Exploitable vulnerability in production"
#       warning: "Known vulnerability with mitigating controls"
#       suggestion: "Best-practice deviation with no current exposure"
#   C2:
#     name: Accessibility Debt
#     question: "Does the UI meet WCAG 2.1 AA standards?"
#     symptoms:
#       - "Missing alt text on images"
#       - "Insufficient color contrast ratios"
#       - "No keyboard navigation support"
#     severity:
#       critical: "Core flows inaccessible to screen readers"
#       warning: "Secondary flows missing accessibility support"
#       suggestion: "Minor ARIA label improvements"
|
|
|
|
# History file: .brooks-lint-history.json is written after each run.
|
|
# Add to .gitignore if you don't want to track scores in version control.
|
|
# Keep it committed if you want team-visible trend data.
|