# Code Scanner Configuration for Java Projects
# Human-focused checks - linters (Checkstyle, SpotBugs) handle syntax/style.
#
# Copy this file to your project root as `config.toml`.
# ==============================================================================
# LLM Backend Configuration
# ==============================================================================
[llm]
# Connection settings for the model server that evaluates the checks in this file.
# LM Studio (default)
backend = "lm-studio" # Backend type: "lm-studio" or "ollama"
# NOTE(review): the code under review is presumably sent to this server as
# prompt text. "localhost" keeps it on this machine; before pointing host at
# another machine, confirm how that connection is protected and who can
# reach the server.
host = "localhost" # Server hostname (usually localhost)
port = 1234 # Server port (LM Studio default: 1234, Ollama: 11434)
model = "qwen2.5-coder-7b-instruct" # Optional for LM Studio
timeout = 600 # Request timeout in seconds
context_limit = 16384 # Context window size in tokens (minimum 16384 recommended)
# Ollama alternative (uncomment and comment out LM Studio above):
# backend = "ollama" # Use Ollama backend
# host = "localhost"
# port = 11434 # Ollama default port
# model = "qwen3:4b" # Model name (REQUIRED for Ollama)
# timeout = 600
# context_limit = 16384
# ==============================================================================
# Human-Focused Code Checks
# ==============================================================================
[[checks]]
# Checks applied to files whose name matches *.java. Each entry is a
# natural-language instruction; presumably it reaches the model as written,
# so wording changes alter what gets reported — TODO confirm.
pattern = "*.java"
checks = [
# Architectural checks
"Check for circular dependencies between packages.",
"Check that service layer does not call presentation layer directly.",
"Check for god classes with too many methods or fields.",
"Check for anemic domain models with only getters and setters.",
# Concurrency checks
"Check for shared mutable state without proper synchronization.",
"Check for double-checked locking anti-pattern.",
"Check for incorrect use of volatile keyword.",
"Check for thread-unsafe singletons.",
"Check for resource contention in critical sections.",
"Check for missing timeout handling for locks.",
# Resource management checks
"Check that resources are closed in finally block or try-with-resources.",
"Check for connection pool exhaustion patterns.",
"Check for memory leaks from static collections.",
"Check for incorrect transaction boundaries that are too broad or too narrow.",
"Check for missing rollback handling for failed transactions.",
# Security checks
# NOTE(review): these are judged by the model from the file contents it is
# shown, so a clean result means "nothing flagged", not "verified absent".
# Treat findings as leads to confirm, alongside SAST and secret scanning.
"Check for SQL injection via string concatenation including StringBuilder.",
"Check that sensitive data like passwords, tokens, or PII is not logged.",
"Check for deserialization of untrusted data.",
"Check for insecure random number generation in security contexts.",
"Check for hardcoded credentials or API keys.",
"Check that user-supplied data is validated before use.",
# API contract checks
"Check that methods return Optional instead of null where appropriate.",
"Check for breaking changes to public API without @Deprecated annotation.",
"Check for inconsistent exception handling mixing checked and unchecked exceptions.",
"Check for missing null checks for method parameters.",
"Check for incorrect equals and hashCode implementations.",
# Algorithm and data structure optimization checks
"Check for O(n²) nested loops that could be optimized using HashMap or HashSet for O(1) lookups.",
"Check for linear searches in lists that could use binary search with Collections.binarySearch() on sorted lists.",
"Check for repeated string concatenation that could use StringBuilder.",
"Check for unnecessary copying of large objects that could use references or primitive arrays.",
"Check for ArrayList that frequently resizes and could use new ArrayList<>(capacity) with known size.",
"Check for algorithms that could benefit from memoization using caching libraries like Guava Cache.",
"Check for data structures chosen without considering time/space trade-offs (ArrayList vs LinkedList vs HashMap vs TreeMap).",
"Check for opportunities to use more efficient Java Stream API operations (map, filter, reduce, collect).",
"Check for containers where a different collection type would be more efficient (List vs Set vs Map).",
"Check for sorting operations that could use more efficient Comparator implementations or key extraction.",
"Check for TreeMap usage where HashMap would be more efficient for non-ordered keys.",
"Check for TreeSet usage where HashSet would be more efficient for non-ordered keys.",
"Check for repeated .size() or .length() calls in loops that could be cached.",
# NOTE(review): Java passes object references by value, so an object is never
# copied at a call site. The next check reads as if carried over from a
# C/C++ profile and may produce spurious findings — consider removing it.
"Check for pass-by-value of large objects that should be passed by reference.",
"Check for algorithms with exponential complexity that could use dynamic programming.",
"Check for priority queue use cases that could use PriorityQueue instead of manual sorting.",
"Check for graph algorithms that could use more efficient data structures like adjacency lists with HashMap.",
"Check for cache-friendly data access patterns that could improve performance.",
"Check for LinkedList usage where ArrayList would be more efficient for random access.",
"Check for Vector usage where ArrayList would be more appropriate (Vector is synchronized).",
"Check for Hashtable usage where HashMap would be more appropriate (Hashtable is synchronized).",
"Check for repeated Map.get() calls that could be cached in local variables.",
"Check for String operations that could use StringBuilder or String methods more efficiently.",
"Check for array operations that could use System.arraycopy() or Arrays utility methods.",
"Check for primitive wrapper usage (Integer, Long) where primitives (int, long) would be more efficient.",
]
[[checks]]
# Language-independent review checks; the "*" pattern matches every file name.
# NOTE(review): how this entry interacts with the *.java entry and with the
# empty-checks ignore entry is decided by the scanner, not by this file —
# confirm the precedence before relying on it.
pattern = "*"
checks = [
"Check for dead code or unused dependencies.",
"Check for outdated TODO or FIXME comments.",
"Check for copy-paste code that should be refactored.",
"Check for repeated code blocks that can be extracted into a separate function or method.",
"Check that test code tests behavior instead of implementation details.",
"Check that all changed code paths handle edge cases and error conditions correctly.",
"Check that the overall design fits the existing architecture and abstractions.",
"Check that complex logic is broken down into small, understandable units with clear responsibilities.",
"Check that names of variables, methods, and classes are clear, descriptive, and consistent.",
"Check for obvious performance issues like N+1 queries or unnecessary loops.",
"Check that database queries and external service calls are efficient and properly constrained.",
"Check that public APIs, configuration changes, or new behaviors are properly documented.",
"Check that comments and documentation are accurate, necessary, and up to date.",
"Check that logging and error messages are clear, informative, and follow project conventions.",
"Check that no sensitive data (keys, PII) is logged or exposed in output.",
"Check that configuration changes have safe, sensible defaults.",
"Check that feature flags are named consistently and reflect their purpose.",
]
# ==============================================================================
# Ignore Patterns (files and directories to skip during scanning)
# ==============================================================================
# Files and directories matching a pattern whose `checks` list is empty are skipped.
# Use /*dirname*/ syntax for directory patterns.
# Add or modify patterns as needed for your project.
[[checks]]
# Ignore entry: one comma-separated pattern string paired with an empty checks list.
# NOTE(review): *.json, *.toml, *.yaml and *.yml are skipped here, so the
# hardcoded-credential and sensitive-data checks in the entries above never
# see configuration files, where secrets are often committed. Cover those
# files with a dedicated secret scanner, or drop them from this list.
# NOTE(review): if /*name*/ matches any directory whose name merely contains
# the text (TODO confirm against the scanner's matcher), /*out*/, /*test*/
# and /*build*/ would also skip production packages; constructed examples:
# "checkout", "router", "attestation", "builders".
pattern = "*.md, *.txt, *.rst, *.html, *.json, *.toml, *.yaml, *.yml, /*test*/, /*tests*/, /*external*/, /*3rdparty*/, /*third_party*/, /*vendor*/, /*target*/, /*build*/, /*out*/"
checks = []