Configuration
Sextant reads .sextant/config.toml from the repository root. The
file is optional — every section has sensible defaults — but most
real projects ship one to tune thresholds.
Bootstrap
`sextant init` writes a starter file. Edit it, commit it, and the CLI, the MCP server, and the GitHub Action all read from the same source.
Full example
```toml
# Verdict thresholds — what counts as "block this".
[verdict]
max_errors = 0
max_warns = 50

# Size-rule limits.
[size]
file_length_warn = 400
file_length_error = 800
fn_length_warn = 60
fn_length_error = 120
param_count_warn = 6
param_count_error = 10

# Complexity-rule limits.
[complexity]
cyclomatic_warn = 10
cyclomatic_error = 20
nesting_warn = 4
nesting_error = 6

# Token-duplication rule.
[duplication]
min_tokens = 100

# LLM-evaluator config.
[judge]
enabled = true
provider = "anthropic"
model = "claude-sonnet-4-6"
api_key_env = "ANTHROPIC_API_KEY"
max_concurrency = 4
cache_dir = ".sextant/cache/llm"
```

Sections
| Section | What it controls |
|---|---|
| `[verdict]` | When findings flip the verdict to `request_changes`. |
| `[size]` | Thresholds for size-category built-ins. |
| `[complexity]` | Thresholds for complexity-category built-ins. |
| `[duplication]` | Token-duplication detection. |
| `[judge]` | LLM provider config for llm-evaluated rules. |
Skipped paths
Sextant never grades generated, vendored, or prose files. The skip
list is hardcoded into the engine — there is no [paths] section to
edit:
- `**/Cargo.lock`, `**/package-lock.json`, `**/yarn.lock`, `**/pnpm-lock.yaml`, `**/poetry.lock`, `**/uv.lock`
- `**/target/**`, `**/node_modules/**`, `**/dist/**`, `**/build/**`
- `**/.git/**`, `**/.sextant/cache/**`
- `**/*.md`, `**/*.markdown`, `**/*.mdx` — Markdown is prose; the built-in size/complexity rules are tuned for code.

Hiding source from a rule by excluding paths is intentionally not
supported. If a rule fires on code that legitimately shouldn’t trigger
it, fix the rule (refine its pattern, add a not_under ancestor check
on AST rules) rather than carving out a hole.
Inspecting the resolved config
```bash
sextant grade --format json | jq '.config'   # not in the report
# Use the MCP `get_config` tool, or:
RUST_LOG=sextant_config=debug sextant grade
```

The MCP get_config tool
returns the merged config — defaults overlaid by config.toml —
which is the easiest way to see what’s actually in effect.
See also
- `sextant init` — scaffold a config.
- `get_config` MCP tool — inspect at runtime.
- Rules catalog — what each section gates.