# DiffScope Configuration Example
# Rename this file to .diffscope.yml to use
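# Model configuration
# Chooses the model and limits how much diff and context text goes into a review.
model: gpt-4o
temperature: 0.2
max_tokens: 4000
# NOTE(review): with either limit set to 0 the text is not truncated, so the
# whole diff/context is presumably forwarded to the model provider. Confirm
# this is acceptable before using it on repositories with sensitive content.
max_context_chars: 20000  # 0 disables context truncation
max_diff_chars: 40000  # 0 disables diff truncation
context_max_chunks: 24  # Max context chunks sent to the model per file
context_budget_chars: 24000  # Max chars across ranked context chunks per file
# 0.0 drops nothing; raise it to filter out low-confidence comments.
min_confidence: 0.0  # Drop comments below this confidence (0.0-1.0)
strictness: 2  # 1 = high-signal only, 2 = balanced, 3 = deep scan
comment_types:  # logic | syntax | style | informational
  - logic
  - syntax
  - style
  - informational
review_profile: balanced  # balanced | chill | assertive
# Literal block scalar: the text must stay indented under the key.
review_instructions: |
  Prioritize security and correctness issues. Avoid stylistic comments unless they impact maintainability.
smart_review_summary: true  # Include AI-generated PR summary in smart-review output
smart_review_diagram: false  # Generate a Mermaid diagram in smart-review output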
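# Symbol index: cross-file context built from the repository.
symbol_index: true  # Build repo symbol index for cross-file context (respects .gitignore)
symbol_index_provider: regex  # regex | lsp
# NOTE(review): this names an external program, presumably started as a
# subprocess when the provider is `lsp`. If so, a .diffscope.yml taken from a
# repository you do not trust should be read before running with it.
symbol_index_lsp_command: rust-analyzer  # optional; omit to auto-detect
# Maps a file extension to a language name; entries must be nested under the key.
symbol_index_lsp_languages:
  rs: rust
  # For TypeScript (example):
  # ts: typescript
  # tsx: typescriptreact
  # js: javascript
  # jsx: javascriptreact
# Size limits for the index and its graph expansion.
symbol_index_max_files: 500
symbol_index_max_bytes: 200000
symbol_index_max_locations: 5
symbol_index_graph_hops: 2
symbol_index_graph_max_files: 12
feedback_path: ".diffscope.feedback.json"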
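# Optional Greptile-like scoped context bundles.
# notes become additional reviewer instructions, files are loaded as reference context.
# NOTE(review): files matched here are loaded as context and are presumably
# sent to the model along with the diff. Keep the globs clear of files that
# hold credentials or other secrets (config directories are a common place).
custom_context:
  - scope: "src/api/**"
    notes:
      - "Auth endpoints must enforce tenant isolation and rate limits."
      - "Prefer idempotent handlers for retries."
    files:
      - "docs/security/*.md"
      - "src/config/**/*.yml"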
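# Cross-repo pattern libraries (local path or git URL).
# Content from `source` is loaded from outside this repository and feeds the
# review, so use only sources you control or trust: text pulled in from an
# untrusted source could steer or suppress the reviewer's findings.
# NOTE(review): rule_patterns and max_rules are placed inside the repository
# entry here; the nesting was reconstructed, so confirm it against the schema.
pattern_repositories:
  - source: "../shared-review-patterns"
    scope: "src/**"
    include_patterns:
      - "rules/**/*.md"
      - "examples/**/*.yml"
    max_files: 8
    max_lines: 200
    rule_patterns:
      - "policy/**/*.yml"
      - "policy/**/*.json"
    max_rules: 200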
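# Rule files to load directly from this repository.
# If omitted, diffscope auto-discovers .diffscope-rules.{yml,yaml,json} and rules/**/*.y{a,}ml/json.
rules_files:
  - ".diffscope-rules.yml"
  - "rules/**/*.yml"
max_active_rules: 30
# Rule ids, quoted so they always parse as strings.
# NOTE(review): presumably these are preferred when more rules match than
# max_active_rules allows - confirm against the tool's documentation.
rule_priority:
  - "sec.shell.injection"
  - "sec.auth.guard"
  - "reliability.unwrap_panic"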
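# API configuration (optional - can use environment variables)
# Prefer the environment variable for the key: a key written into
# .diffscope.yml is easy to commit to version control by accident.
# api_key: your-api-key-here
# base_url: https://api.openai.com/v1
# openai_use_responses: true # Use OpenAI Responses API instead of chat completions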
# Global exclude patterns
# Globs for generated output, dependency trees, VCS metadata and build artefacts.
exclude_patterns:
  - "**/*.generated.*"
  - "**/node_modules/**"
  - "**/target/**"
  - "**/.git/**"
  - "**/dist/**"
  - "**/build/**"
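# Path-specific configurations
# Each key is a path glob; the mapping under it holds settings for matching files.
paths:
  # API endpoints need extra security focus
  "src/api/**":
    focus:
      - security
      - validation
      - authentication
    review_instructions: |
      Treat auth and input validation as critical. Flag missing rate limits and unsafe defaults.
    severity_overrides:
      security: error  # Elevate all security issues to errors
    # Literal block scalar: the list below is prompt text, not a YAML sequence.
    system_prompt: |
      Pay special attention to:
      - SQL injection vulnerabilities
      - Authentication bypass risks
      - Input validation gaps
      - Rate limiting implementation

  # Test files have different requirements
  "tests/**":
    focus:
      - coverage
      - assertions
      - test_quality
    severity_overrides:
      style: suggestion  # Downgrade style issues in tests
    ignore_patterns:
      - "*.snapshot"
      - "*.fixture"

  # Frontend components
  "src/components/**":
    focus:
      - accessibility
      - performance
      - react_best_practices
    extra_context:
      - "src/styles/theme.ts"  # Always include theme context

  # Database migrations are critical
  "migrations/**":
    focus:
      - data_integrity
      - rollback_safety
      - performance
    severity_overrides:
      bug: error  # All bugs in migrations are critical
    # Literal block scalar: the list below is prompt text, not a YAML sequence.
    system_prompt: |
      Database migrations are critical. Check for:
      - Data loss risks
      - Rollback capability
      - Index performance impact
      - Lock duration concerns

  # Documentation files
  "docs/**":
    focus:
      - clarity
      - completeness
      - examples
    severity_overrides:
      bug: info  # Bugs in docs are less critical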
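# Plugin configuration
# One boolean per plugin; the entries must be nested under `plugins`.
plugins:
  eslint: true
  semgrep: true
  duplicate_filter: true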