Sigilix’s subsystems are opt-out, not opt-in: install the app, get every feature. Each subsystem has its own { enabled: false } switch in sigilix.json for repos where the default doesn’t fit.
The switches
| Key | Subsystem | Default | Disable with |
|---|---|---|---|
| depVulns | Dependency vulnerability scan | enabled | { "depVulns": { "enabled": false } } |
| astRules | AST rule-pack scanner (JS/TS) | enabled | { "astRules": { "enabled": false } } |
| sarif | SARIF evidence channel (Trivy + generic) | enabled | { "sarif": { "enabled": false } } |
| reviewMemory | Cross-PR review memory | enabled | { "reviewMemory": { "enabled": false } } |
| describe | /sigilix describe slash command | enabled | { "describe": { "enabled": false } } |
sigilix.json, not nested under commands.
When to disable each
depVulns — dependency vulnerability scan (ARC-186)
Sigilix scans npm dependencies against a bundled vulnerability database on every review. Disable if:
- You already have Dependabot, Snyk, or another scanner producing duplicate alerts.
- Your repo isn’t npm-based (the scanner is npm-only today; non-npm repos see no findings anyway).
- You explicitly don’t want supply-chain commentary on PRs (rare).
astRules — AST rule-pack scanner (ARC-181)
A pre-LLM AST scanner for JS/TS that catches a small list of common patterns (e.g., no-eval-call). Disable if:
- You’re not using JS/TS (the scanner is a no-op anyway, but disabling skips the parse).
- You’ve moved equivalent checks into your own ESLint config and don’t want overlap in the review comment.
sarif — SARIF evidence channel (ARC-188)
Sigilix accepts Trivy and generic SARIF v2.1.0 reports uploaded as PR artifacts and injects high-severity findings into the synthesizer as evidence. Disable if:
- You don’t produce SARIF artifacts in CI (the channel is a no-op but disabling silences any warnings).
- You produce SARIF but don’t want it in the Sigilix review (e.g., you already post it as its own GitHub Code Scanning comment).
reviewMemory — cross-PR review memory (ARC-189)
Sigilix records which findings the team accepted versus dismissed across past PRs and uses that signal to calibrate future reviews on this repo (down-weight categories you consistently dismiss, up-weight categories you consistently act on). Disable if:
- You have an unusual review pattern (e.g., bot-driven approvals) that would teach the memory wrong signals.
- You explicitly want every review to be context-free.
describe — /sigilix describe slash command (ARC-191)
Sigilix can draft PR descriptions and changelog entries on demand. Disable if:
- Your team strictly hand-writes PR descriptions and doesn’t want even the option of drafting.
- You’ve seen the drafts leak internal jargon you don’t want in external changelogs (consider tuning commands.describe.prompt first).
pull_request.opened.
Defaults are deliberately on
Each subsystem was added because it earned its place — ARC-186 catches real CVEs the LLM specialists miss, ARC-189 reduces repeat false-positives, etc. The opt-out is for cases where the subsystem actively hurts (duplicate alerts, conflicting signals), not for cases where you simply haven’t thought about it. If you’re not sure whether to disable, leave it enabled and check the telemetry over a week.
A combined “minimal” config
For teams that want the LLM ensemble only — no scanners, no memory, no describe:
deterministicChecks still run; pathFilters, profile, guidance, and rules still apply.
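An added example, not Sigilix's own code: a small Python check that reads a sigilix.json and reports which subsystems are effectively on under the opt-out model, using a constructed "minimal" config with all five switches off as sample input. The function names, the treatment of malformed values, and the check for an `enabled` flag under `commands.describe` are assumptions of this example.

```python
import json

# Switch keys from the table on this page; every one defaults to enabled.
SUBSYSTEMS = ("depVulns", "astRules", "sarif", "reviewMemory", "describe")

# Constructed sample: a "minimal" config built from the table's disable forms.
MINIMAL_CONFIG = """{
  "depVulns":     { "enabled": false },
  "astRules":     { "enabled": false },
  "sarif":        { "enabled": false },
  "reviewMemory": { "enabled": false },
  "describe":     { "enabled": false }
}"""

def effective_switches(config_text):
    """Return {subsystem: is_enabled} under opt-out semantics.

    Assumption of this example: only the documented top-level form
    {"enabled": false} turns a subsystem off; a missing key or any
    other value leaves the default (enabled) in place.
    """
    config = json.loads(config_text)
    state = {}
    for key in SUBSYSTEMS:
        entry = config.get(key)
        disabled = isinstance(entry, dict) and entry.get("enabled") is False
        state[key] = not disabled
    return state

def describe_switch_misplaced(config_text):
    """True if an "enabled" flag sits at commands.describe, where this
    example assumes it is not read as the subsystem switch."""
    commands = json.loads(config_text).get("commands")
    describe = commands.get("describe") if isinstance(commands, dict) else None
    return isinstance(describe, dict) and "enabled" in describe

if __name__ == "__main__":
    for name, enabled in effective_switches(MINIMAL_CONFIG).items():
        print(f"{name:13s} {'enabled' if enabled else 'DISABLED'}")
    print("describe switch misplaced:", describe_switch_misplaced(MINIMAL_CONFIG))
```

Run against each repo's sigilix.json in CI, a check like this gives reviewers a record of where depVulns, astRules, or sarif have been switched off.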
Read next
Configuration reference
Full sigilix.json schema.
Evidence & Provenance
What the scanners catch — useful context before deciding to disable.

