Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt

Use this file to discover all available pages before exploring further.

Overview

CodeAnt AI allows you to configure analysis settings at multiple levels. You can control which analyses are enabled, set file include/exclude patterns, and tune thresholds like the maintainability index — all through a clear precedence hierarchy.

Configuration Precedence

When multiple configuration sources exist, CodeAnt AI resolves them in the following order (highest priority first):
PrioritySourceDescription
1 (Highest)Inline (CI/CD parameters)Parameters passed directly when triggering an analysis (e.g., include_files, exclude_files in API calls or CI/CD pipeline configuration)
2Repository file.codeant/configuration.json checked into your repository
3 (Lowest)UI settingsConfiguration set through the CodeAnt AI dashboard under Settings > Analysis Configuration
Each level only overrides the specific fields it defines. If a field is not set at a higher-priority level, the value from the next level down is used. Example: If your UI settings enable all analyses, but your .codeant/configuration.json disables secrets_analysis, secrets scanning will be skipped. If you then pass include_files=src/** inline via CI/CD, only the src/ directory will be scanned — but the disabled secrets analysis from the repo config still applies.

Repository Configuration File

Create a configuration.json file in the .codeant folder at your repository root: 
your-repo/
├── .git/
├── .codeant/
│   └── configuration.json
├── src/
└── package.json

Configuration Format

{
  "code_analysis": {
    "enabled": true,
    "features": {
      "sast_analysis": "enabled",
      "secrets_analysis": "enabled",
      "sca_analysis": "enabled",
      "iac_analysis": "enabled",
      "deadcode_analysis": "enabled",
      "duplicatecode_analysis": "enabled",
      "antipatterns_analysis": "enabled",
      "docstring_analysis": "enabled",
      "complex_function_analysis": "enabled"
    },
    "config": {
      "complexity": {
        "maintainability_index": 15
      }
    }
  },
  "file_filters": {
    "config": {
      "include_files": "",
      "exclude_files": ""
    }
  }
}

Configuration Options

Code Analysis

  • enabled (boolean): Master toggle for all code analysis. Set to false to skip all analyses for this repository.
  • features (object): Toggle individual analyses. Each key accepts "enabled" or "disabled".
FeatureDescription
sast_analysisStatic Application Security Testing — detects security vulnerabilities
secrets_analysisScans for exposed secrets like API keys and credentials
sca_analysisSoftware Composition Analysis — checks dependencies for known vulnerabilities
iac_analysisInfrastructure as Code scanning for misconfigurations
deadcode_analysisIdentifies unused code that can be safely removed
duplicatecode_analysisDetects code duplication
antipatterns_analysisDetects common code antipatterns
docstring_analysisAnalyzes code documentation quality
complex_function_analysisFlags functions exceeding the maintainability index threshold
  • config.complexity.maintainability_index (number, 0-100): Threshold for complex function detection. Functions with a maintainability index below this value are flagged. Default: 15.

File Filters

  • config.include_files (string): Comma-separated glob patterns. Only files matching these patterns will be analyzed. Example: "src/**,lib/**".
  • config.exclude_files (string): Comma-separated glob patterns. Files matching these patterns will be excluded from analysis. Example: "node_modules/**,dist/**,**/*.test.js".
If both include_files and exclude_files are specified, include_files takes precedence — only included files are considered, and exclude patterns are ignored.

Sample Configurations

Security-focused scan only

{
  "code_analysis": {
    "enabled": true,
    "features": {
      "sast_analysis": "enabled",
      "secrets_analysis": "enabled",
      "sca_analysis": "enabled",
      "iac_analysis": "enabled",
      "deadcode_analysis": "disabled",
      "duplicatecode_analysis": "disabled",
      "antipatterns_analysis": "disabled",
      "docstring_analysis": "disabled",
      "complex_function_analysis": "disabled"
    }
  }
}

Scan only the src/ directory

{
  "file_filters": {
    "config": {
      "include_files": "src/**",
      "exclude_files": ""
    }
  }
}

Disable all analysis for a repository

{
  "code_analysis": {
    "enabled": false
  }
}

Best Practices

  • Version control your config: Checking .codeant/configuration.json into the repository ensures the whole team shares the same analysis settings and changes are reviewed via pull requests.
  • Start with defaults: Only override what you need. Omitted fields inherit from UI settings or defaults.
  • Use inline parameters for one-off overrides: If you need a different scope for a specific CI run, pass include_files or exclude_files inline rather than modifying the repo config.
  • Keep file filters focused: Prefer narrow include_files patterns over broad exclude_files to make intent clear.