Skip to content
Certify

Configuration

Config File

Section titled “Config File”

certify init creates .certification/config.yml:

# Certify — Configuration
mode: advisory


scope:
  include: []
  exclude:
    - "vendor/**"
    - "node_modules/**"
    - "dist/**"
    - "build/**"
    - "testdata/**"
    - "**/*_test.go"
    - "**/*.test.ts"
    - "**/*.spec.ts"


agent:
  enabled: false


expiry:
  default_window_days: 90
  min_window_days: 7
  max_window_days: 365


issues:
  enabled: false

Sections

Section titled “Sections”

mode

Section titled “mode”
ValueBehavior
advisoryReports results but does not block. Default.
enforcingCan block PRs and fail CI on certification failures.

scope

Section titled “scope”

Controls which files are included in certification.

  • include — Glob patterns to include. Empty means everything.
  • exclude — Glob patterns to exclude. Matched files are skipped during discovery.

agent

Section titled “agent”

Optional LLM-assisted review. Any OpenAI-compatible endpoint works. See Agent-Assisted Review.

# OpenAI example
agent:
  enabled: true
  provider:
    type: openai-compatible
    base_url: https://api.openai.com/v1
    api_key_env: OPENAI_API_KEY
  models:
    prescreen: gpt-4o-mini
    review: gpt-4o-mini
    scoring: gpt-4o-mini
  rate_limit:
    requests_per_minute: 20
    retry_max: 3
# OpenRouter example
agent:
  enabled: true
  provider:
    type: openai-compatible
    base_url: https://openrouter.ai/api/v1
    api_key_env: OPENROUTER_API_KEY
  models:
    prescreen: qwen/qwen3-coder:free
    review: qwen/qwen3-coder:free
    fallback: mistralai/mistral-nemo
# Local Ollama example
agent:
  enabled: true
  provider:
    type: openai-compatible
    base_url: http://localhost:11434/v1
  models:
    prescreen: qwen3-coder
    review: qwen3-coder

expiry

Section titled “expiry”

Controls certification window duration.

FieldDefaultDescription
default_window_days90Standard certification window
min_window_days7Minimum window (high-risk code)
max_window_days365Maximum window (stable code)

Risk factors automatically adjust the window — high-churn code gets shorter windows.

issues

Section titled “issues”

GitHub issue integration for remediation tracking.

issues:
  enabled: true

When enabled, failing certifications create GitHub issues via the gh CLI.

Validating Your Config

Section titled “Validating Your Config”

Run the built-in diagnostics to check your configuration:

Terminal window
certify doctor

This validates your config.yml syntax, checks expiry settings, verifies agent provider configuration (API keys, base URL, model), validates all policy packs, and confirms tools and providers are available.

See Doctor & Onboard → for details.