{
  "version": 1,
  "decisions": [],
  "suppression_rules": [
    {
      "by": "rule",
      "value": "py.auth.token_override_without_validation",
      "state": "suppressed",
      "note": "false_positive: token validation handled upstream by middleware"
    },
    {
      "by": "rule",
      "value": "state-resource-leak",
      "state": "suppressed",
      "note": "false_positive: resource lifecycle managed externally"
    },
    {
      "by": "rule",
      "value": "py.crypto.sha1",
      "state": "suppressed",
      "note": "accepted_risk: used for non-security checksum only"
    }
  ]
}