# Dotset Configuration
# Version is required
version: '1'
# Hardpoint (Security Scanner) Configuration
hardpoint:
# Run scan automatically when using `dotset run`
scanOnStart: true # default: true
# Minimum severity level to report
# Options: info, low, medium, high, critical
minSeverity: medium # default: medium
# Paths to exclude from scanning (glob patterns)
excludePaths:
- node_modules/**
- .git/**
- vendor/**
# Additional paths to include in scan
additionalPaths:
- ../shared-config/
# Tollgate (Access Control) Configuration
tollgate:
# Approval timeout in milliseconds
timeout: 60000 # default: 60000 (1 minute)
# How to prompt for approval
# Options: terminal, interactive, webhook
approvalMethod: terminal # default: terminal
# Port for interactive approval UI
approvalPort: 3000
# MCP server configurations
servers:
postgres:
command: npx
args: ["-y", "@modelcontextprotocol/server-postgres"]
env:
DATABASE_URL: "${DATABASE_URL}"
defaultAction: prompt # allow, deny, or prompt
analyzer: sql
filesystem:
command: npx
args: ["-y", "@anthropic/mcp-server-filesystem", "./"]
defaultAction: prompt
analyzer: filesystem
# Deadfall (Honeypot) Configuration
deadfall:
# Auto-start honeypot server with `dotset run`
autoServe: false # default: false
# Trap configurations
traps:
- type: cursor-rules
path: .cursorrules
- type: claude-context
path: CLAUDE.md
- type: context
path: CONTEXT.md
