FoundationMachines

.sebastionai.yml config

Per-repository configuration for severity thresholds, ignored paths, disabled rules and scanner toggles.

Drop a .sebastionai.yml at the root of any repo Sebastion AI is installed on to customise its behaviour. The file is read from the default branch on every PR. Sensible defaults apply to every key, so the file is entirely optional. Start without one and add only the keys you actually need to override.

Example

# .sebastionai.yml: Sebastion AI per-repo config.
# All keys are optional; this file shows the defaults plus a few common tweaks.

# Drop findings less severe than this. One of: critical, high, medium, low, info.
severity_threshold: low

# Glob list of paths to ignore. Supports `*` (within a segment) and `**` (across).
ignore_paths:
  - "**/*.test.ts"
  - "**/*.spec.ts"
  - "vendor/**"
  - "third_party/**"

# Suppress findings by rule id. Works for AI rules ("sql-injection",
# "missing-helmet"), OSV ids ("CVE-2019-10744", "GHSA-29mw-wpgm-hmr9"),
# and secret-scanner ids ("generic-high-entropy", "jwt").
disable_rules:
  - missing-body-parser-limit

# Skip whole scanners. One or more of: llm, osv, secrets, semgrep, checkov.
disable_scanners: []

# Map finding severity to the GitHub review event we post.
# One of: request_changes, comment, approve.
review_event:
  on_critical: request_changes
  on_high: comment
  default: comment

Reference

Key (type, default), followed by notes:

severity_threshold (enum, default: low)
  Drops findings strictly below this. Order: critical > high > medium > low > info.

ignore_paths (string[], default: [])
  Gitignore-style globs. Matches against finding.file. * matches within a segment, ** across segments.

disable_rules (string[], default: [])
  Exact rule-id match. AI rules (sql-injection), OSV ids (CVE-2019-10744, GHSA-29mw-wpgm-hmr9), secret detectors (aws-access-key-id).

disable_scanners (enum[], default: [])
  One or more of llm (skips the AI audit call), osv (skips OSV.dev queries), secrets (skips regex secret scan), semgrep (skips the containerised Semgrep SAST run), checkov (skips the containerised Checkov IaC scan). Saves cost when an entire scanner class is unwanted.

review_event.on_critical (enum, default: request_changes)
  GitHub review event when the post-filter findings include any critical. One of request_changes, comment, approve.

review_event.on_high (enum, default: comment)
  Same as above for high.

review_event.default (enum, default: comment)
  Used when no critical/high present (i.e. only medium/low/info).

Filter order

Findings flow through the pipeline in this order:

  1. All scanners run in parallel (subject to disable_scanners): the LLM audit, OSV.dev for dependency CVEs, the regex secret scan, plus Semgrep (pattern-based SAST) and Checkov (IaC) in a Cloudflare Container.
  2. Findings are merged into a single list.
  3. Noise reweight. A curated set of best-practice rule ids (missing-helmet, missing-body-parser-limit, etc.) is demoted to info severity by default.
  4. LLM ↔ OSV dedupe. When the AI flags a dependency vuln on the same (file, line) as an OSV CVE, the AI duplicate is dropped.
  5. severity_threshold filter.
  6. ignore_paths filter.
  7. disable_rules filter.
  8. Sort by severity, render as inline review comments.
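Steps 3 to 8 above as an added, runnable Python sketch; this is illustration code, not Sebastion's own implementation. It assumes a two-item noise list, a glob translation built only from the `*`/`**` description in the reference (not gitignore's full rules), and that any LLM finding co-located with an OSV finding is the duplicate; the findings and the `vulnerable-dependency` rule id are constructed.

```python
import re
from collections import namedtuple
SEVERITIES = ["critical", "high", "medium", "low", "info"]      # order from the reference table
NOISE_RULES = {"missing-helmet", "missing-body-parser-limit"}   # assumed subset of the curated list
Finding = namedtuple("Finding", "scanner rule_id severity file line")  # scanner: llm|osv|secrets|semgrep|checkov

def glob_to_regex(pattern):
    """ignore_paths semantics from the reference: `*` stays inside one segment, `**` spans segments."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile("^" + out + "$")

def filter_findings(findings, config):
    """Steps 3-8 of the pipeline; steps 1-2 (scan and merge) produce `findings`."""
    threshold = SEVERITIES.index(config.get("severity_threshold", "low"))
    ignore = [glob_to_regex(g) for g in config.get("ignore_paths", [])]
    disabled = set(config.get("disable_rules", []))
    # 3. noise reweight: best-practice rules are demoted to info
    findings = [f._replace(severity="info") if f.rule_id in NOISE_RULES else f for f in findings]
    # 4. LLM <-> OSV dedupe (assumption: any LLM hit co-located with an OSV id is the duplicate)
    osv_at = {(f.file, f.line) for f in findings if f.scanner == "osv"}
    findings = [f for f in findings if not (f.scanner == "llm" and (f.file, f.line) in osv_at)]
    # 5-7. severity_threshold, ignore_paths, disable_rules, in that order
    findings = [f for f in findings if SEVERITIES.index(f.severity) <= threshold]
    findings = [f for f in findings if not any(rx.match(f.file) for rx in ignore)]
    findings = [f for f in findings if f.rule_id not in disabled]
    # 8. most severe first; sorted() is stable, so merge order is kept within a severity
    return sorted(findings, key=lambda f: SEVERITIES.index(f.severity))

def run_sample():
    """Constructed findings and config; returns the surviving rule ids in output order."""
    findings = [
        Finding("llm", "sql-injection", "high", "src/db.ts", 42),
        Finding("llm", "vulnerable-dependency", "high", "package.json", 12),
        Finding("osv", "CVE-2019-10744", "critical", "package.json", 12),
        Finding("llm", "missing-helmet", "medium", "src/app.ts", 3),
        Finding("secrets", "generic-high-entropy", "low", "src/config.test.ts", 7),
        Finding("secrets", "jwt", "medium", "src/auth.ts", 99),
    ]
    config = {"severity_threshold": "low", "ignore_paths": ["**/*.test.ts"], "disable_rules": ["jwt"]}
    return [f.rule_id for f in filter_findings(findings, config)]
```

With the sample, the demoted missing-helmet falls below the low threshold, the LLM dependency hit is deduped against the OSV CVE at the same location, the test-file secret is ignored by path, and jwt is disabled, leaving the CVE and the SQL injection finding.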

Cache

To save GitHub API quota, Sebastion caches your config for 5 minutes in KV. A push to your default branch invalidates the cache immediately, so config changes take effect on the next PR.

Validation

Unknown keys, invalid enum values and malformed YAML do not crash the audit. Sebastion falls back to defaults for the offending field and posts a polite error comment on the PR (deduped to once per repo per UTC day) so you know your config has issues without spamming you.
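An added Python example (not Sebastion's code) of the fallback behaviour described above: each offending field reverts to its default from the reference table and produces one error string, and the resulting config drives the review_event choice. The error wording and the per-field granularity of the fallback are assumptions.

```python
import copy

# Defaults and allowed values from the reference table above.
DEFAULTS = {
    "severity_threshold": "low",
    "ignore_paths": [], "disable_rules": [], "disable_scanners": [],
    "review_event": {"on_critical": "request_changes", "on_high": "comment", "default": "comment"},
}
ENUMS = {
    "severity_threshold": {"critical", "high", "medium", "low", "info"},
    "disable_scanners": {"llm", "osv", "secrets", "semgrep", "checkov"},
    "review_event": {"request_changes", "comment", "approve"},
}

def load_config(raw):
    """Return (config, errors): each offending field falls back to its default
    and is reported once. The error wording is ours, not Sebastion's."""
    cfg, errors = copy.deepcopy(DEFAULTS), []
    if not isinstance(raw, dict):   # malformed YAML typically parses to None or a scalar
        return cfg, ["config is not a mapping; using defaults"]
    for key, val in raw.items():
        if key not in DEFAULTS:
            errors.append(f"unknown key '{key}' ignored")
        elif key == "severity_threshold":
            if isinstance(val, str) and val in ENUMS[key]:
                cfg[key] = val
            else:
                errors.append(f"{key}: '{val}' is not one of {sorted(ENUMS[key])}")
        elif key == "review_event":
            if not isinstance(val, dict):
                errors.append("review_event must be a mapping")
                continue
            for sub, ev in val.items():
                if sub in cfg[key] and isinstance(ev, str) and ev in ENUMS[key]:
                    cfg[key][sub] = ev
                else:
                    errors.append(f"review_event.{sub}: '{ev}' rejected")
        elif not isinstance(val, list) or not all(isinstance(v, str) for v in val):
            errors.append(f"{key} must be a list of strings")
        elif key == "disable_scanners" and not set(val) <= ENUMS[key]:
            errors.append(f"disable_scanners: unknown scanner in {val}")
        else:
            cfg[key] = val
    return cfg, errors

def review_event_for(severities, cfg):
    """Map the post-filter severities to the GitHub review event to post."""
    ev = cfg["review_event"]
    return ev["on_critical"] if "critical" in severities else ev["on_high"] if "high" in severities else ev["default"]
```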

Examples

"Only show me critical and high"

severity_threshold: high

"Don't audit my test fixtures"

ignore_paths:
  - "**/__tests__/**"
  - "**/*.test.*"
  - "**/*.spec.*"
  - "test-fixtures/**"

"I have my own SCA scanner, skip OSV"

disable_scanners:
  - osv

"Don't block merge, just comment"

review_event:
  on_critical: comment
  on_high: comment
  default: comment

"Suppress a noisy rule"

disable_rules:
  - missing-helmet
  - generic-high-entropy

Suggest-model files: AGENTS.md and friends

Beyond .sebastionai.yml, Sebastion also auto-loads suppression markers from the four files agentic coding tools already read for context:

  • AGENTS.md
  • CLAUDE.md
  • .cursorrules
  • .github/copilot-instructions.md

A single-line marker in any of them creates a Learning:

# sebastion: ignore <rule_id> in <glob>

This is read from your base / default branch only — markers in a PR have no effect until that PR is merged. See False positives and Learnings for the rule grammar, the security properties, and how to remove a Learning.

disable_rules in .sebastionai.yml is the right tool for repo-wide suppressions you want versioned in the repo itself. The auto-detected files + the @sebastionai ignore chat command are the right tool for path-scoped suppressions you want to maintain alongside the file they apply to (or by replying on the finding comment itself).