# --------------------------------------------------------------------
# nyx Vulnerability Scanner — DEFAULT CONFIGURATION
#
# Copy this file to `nyx.local` in the same directory and override
# only the keys you need.  Anything you omit inherits the defaults
# shown here.
# --------------------------------------------------------------------

[scanner]

## Minimum severity level to include in the report
##   Possible values: Low | Medium | High | Critical
min_severity = "Low"

## Maximum file size to scan (MiB); null = unlimited
max_file_size_mb = null

## File extensions to ignore completely
excluded_extensions = [
  "jpg", "png", "gif", "mp4", "avi", "mkv",
  "zip", "tar", "gz", "exe", "dll", "so",
]

## Directories to ignore completely
excluded_directories = [
  "node_modules", ".git", "target", ".vscode",
  ".idea", "build", "dist",
]

## Individual files to ignore completely
excluded_files = []

## Honour global ignore file (e.g. ~/.config/nyx/ignore)
read_global_ignore = false

## Honour .gitignore / .hgignore, etc.
read_vcsignore = true

## Require a .git directory to read gitignore files
require_git_to_read_vcsignore = true

## Limit search to the starting file system only
one_file_system = false

## Follow symlinks when scanning
follow_symlinks = false

## Scan hidden files (dot-files)
scan_hidden_files = false


[database]

## Where to store the SQLite database (empty = default path)
path = ""

## Number of days to keep database files; 0 = no cleanup  (UNIMPLEMENTED)
auto_cleanup_days = 30

## Maximum database size in MiB; 0 = no limit          (UNIMPLEMENTED)
max_db_size_mb = 1024

## Run VACUUM on startup                               (UNIMPLEMENTED)
vacuum_on_startup = false


[output]

## Output format — only "console" exists for now
default_format = "console"

## Suppress all console output                         (UNIMPLEMENTED)
quiet = false

## Cap the number of issues shown; null = unlimited
max_results = null


[performance]

## Maximum search depth; null = unlimited              (UNIMPLEMENTED)
max_depth = null

## Minimum depth for reported entries; null = none     (UNIMPLEMENTED)
min_depth = null

## Stop traversing into matching directories
prune = false

## Worker threads; null or 0 = auto
worker_threads = null

## Number of entries to index in a single chunk
batch_size = 100

## Channel capacity multiplier (capacity = threads × this)
channel_multiplier = 4

## Timeout on individual files (seconds); null = none  (UNIMPLEMENTED)
scan_timeout_secs = null

## Maximum memory to use in MiB; 0 = no limit          (UNIMPLEMENTED)
memory_limit_mb = 512