Skip to content

[no-issue] docs: complete usage & configuration guide per product (EN+PT)#16

Merged
vinicq merged 1 commit into
vinicq:mainfrom
homesellerq-coder:docs/complete-usage-config
Jun 29, 2026
Merged

[no-issue] docs: complete usage & configuration guide per product (EN+PT)#16
vinicq merged 1 commit into
vinicq:mainfrom
homesellerq-coder:docs/complete-usage-config

Conversation

@vinicq

@vinicq vinicq commented Jun 29, 2026

Copy link
Copy Markdown
Owner

Each scanner page (python/javascript/robot/skill, EN+PT) gets a complete usage+config section: install channels, every output format, configuration (disable/suppress/config-file/config-audit/baseline/diagnostics), exit codes, CI (Actions+SARIF+pre-commit); skill gets full analyze+fix flags, provider config incl openai-compatible (Nvidia/Fireworks/Groq), and per-host enable steps. mkdocs --strict passes.

Add a "Complete usage and configuration" section to each scanner page (python, javascript, robot,
skill) and its PT sibling: install channels, invocation, every output format (text/json/sarif/junit,
+robot), configuration (disable/enable, inline suppression, project config file, --config-audit with
the real PL codes, --baseline, --diagnostics, precedence), exit codes, and CI (GitHub Actions + SARIF
upload + pre-commit). For the skill: the full analyze + fix flag tables, provider config
(anthropic/openai/gemini/openai-compatible with base-url + env keys, incl reasoning-model endpoints
Nvidia/Fireworks/Groq), and per-host enable steps. EN/PT lockstep, explicit heading anchors.

Co-authored-by: homesellerq-coder <294912019+homesellerq-coder@users.noreply.github.com>
@vinicq vinicq merged commit cf908b9 into vinicq:main Jun 29, 2026
1 check passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4aeb98cf31

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread docs/scanners/skill.md
```bash
npx falsegreen-skill analyze tests/test_orders.py # single file
npx falsegreen-skill analyze tests/test_orders.py tests/test_pay.py # multiple (separate calls)
npx falsegreen-skill analyze tests/ --json --fail-on-high # CI gate: exits 2 on a HIGH finding

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use file inputs in skill analyze examples

The falsegreen-skill CLI help/implementation takes analyze <file...> and reads each argument directly as a file; it does not expand directories. In this CI-gate example, passing tests/ will fail on the directory instead of scanning the suite, so users copying the documented command cannot run the gate. Use explicit files/globs expanded before invoking the CLI, or document directory support only after the CLI implements traversal.

Useful? React with 👍 / 👎.

Comment thread docs/scanners/robot.md
`# falsegreen: ignore` (no brackets) silences every code on that line; `ignore[C16,C20]` silences
only the listed codes. Only the exact `falsegreen:` token suppresses; a plain `# ignore` does not.

**Diagnostics group (default off).** The maintainability codes (`D2`, `M2`) are not false-green,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Document the actual Robot diagnostics config

rffalsegreen's project config only honors disable, diagnostics, long_test, and verify_keywords, and the CLI exposes --diagnostics; there is no per-code severity key for Robot. Users following this sentence will add a severity setting that is ignored with an unknown-key warning, leaving D2/M2 disabled instead of enabling the intended diagnostics.

Useful? React with 👍 / 👎.

Comment thread docs/scanners/python.md
**Pre-commit hook.** Add to `.pre-commit-config.yaml`:

```yaml
- repo: https://github.com/vinicq/falsegreen

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Include the top-level repos key

pre-commit expects .pre-commit-config.yaml to contain a top-level repos: list; this snippet starts directly with an indented - repo, so a user following “Add to .pre-commit-config.yaml” in a new project gets invalid YAML/a config that won't validate. Add the surrounding repos: key (same issue in the JS and Robot snippets) or explicitly say this block belongs under an existing repos: list.

Useful? React with 👍 / 👎.

Comment thread docs/scanners/python.md
Comment on lines +182 to +183
falsegreen --write-baseline tests/ # write .falsegreen-baseline.json, exit 0
falsegreen --baseline tests/ # suppress recorded findings, fail on new ones

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Don't pass scan paths as baseline paths

With the current argparse definition, --baseline and --write-baseline take an optional value, so in these examples tests/ is consumed as the baseline file path rather than a scan target. falsegreen --write-baseline tests/ tries to write the JSON baseline to the tests/ directory, and falsegreen --baseline tests/ loads from that directory while scanning the cwd, so users copying the ratchet commands fail or gate the wrong scope; put tests/ before the flag or use an explicit baseline path.

Useful? React with 👍 / 👎.

Comment thread docs/scanners/python.md
Comment on lines +241 to +242
`pre-commit autoupdate` rewrites the `rev`. Bypass once with `git commit --no-verify`, or set
`FALSEGREEN_BLOCK=0` to make the hook warn-only. To run on push instead of commit, set

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Don't advertise warn-only for pre-commit hook

This paragraph is still describing the pre-commit framework hook, whose manifest runs falsegreen --staged directly; the scanner exits 20 for HIGH findings and never reads FALSEGREEN_BLOCK. In that setup, setting FALSEGREEN_BLOCK=0 will not make the hook warn-only (only the raw hook_install wrapper below implements that env var), so users will still have blocked commits despite following the docs.

Useful? React with 👍 / 👎.

Comment thread docs/scanners/python.md
Comment on lines +144 to +146
**Project config file.** `[tool.falsegreen]` in `pyproject.toml`, or a flat `.falsegreen.toml`
at the repo root (`.falsegreen.toml` wins if both exist). Point at a specific file with
`--config PATH`.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Mention TOML parser requirement on Python 3.8-3.10

In the advertised Python 3.8+ no-dependency install, Python 3.8-3.10 do not have tomllib, and the package does not depend on tomli; the scanner silently falls back to an empty config when no TOML reader is available. Users on those supported versions who add this pyproject.toml/.falsegreen.toml config will have disables, excludes, and severity overrides ignored unless they also install tomli, so the docs should call out that requirement or narrow the config support.

Useful? React with 👍 / 👎.

Comment thread docs/scanners/python.md
falsegreen tests/ --output .falsegreen/ # write report.<ext> into a directory
```

- **`json`** carries the full envelope: tool, version, judgments, and the findings list.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Don't describe Python JSON as an envelope

The Python scanner's render_json currently returns a bare list of finding dicts, not an object with tool, version, or judgments. Any CI/parser written from this new reference will look for envelope fields that never exist and fail to consume the report; describe the actual list shape or change the scanner before documenting the envelope.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant