Configuration File

Trestle reads .trestlerc.toml files to apply persistent options. The same keys are available on the command line, but a configuration file is preferable for settings that should apply to every scan.

Search order and layering

When Trestle scans a directory, it walks from the filesystem root down to that directory and reads a .trestlerc.toml from every level that contains one. For single-value options (booleans and strings), settings from deeper files override settings from shallower files. For list options (skip-glob, skip-directory-names, and skip-file-names), entries accumulate: every list entry declared in any layer stays active. Command-line options follow the same rule.

A common arrangement is one file at the project root with the defaults, and additional files in any subdirectories that need different settings.

File format

Standard TOML, with one flat key per option. The keys match the command-line option names without the leading --:

output-format = "json"
show-summary = false
skip-vcs-ignored = true

skip-directory-names = ["fixtures", "snapshots"]
skip-glob = ["docs/**", "*.snap"]

Unknown keys are ignored. When the file does not parse as valid TOML, it is skipped silently.

Keys

Each key accepts the same value type as its command-line counterpart. For the full list of options, their value types, and defaults, see Command Line. Use the option's name without the leading --.

How skip rules combine across layers

Every entry in skip-glob, skip-directory-names, and skip-file-names is scoped to the directory of the .trestlerc.toml that declared it. The rule applies to that directory and everything below it.

A skip-glob pattern is matched against each path written relative to that directory.
A skip-directory-names or skip-file-names entry matches a directory or file by name, but only inside that directory's subtree.

For example, skip-directory-names = ["fixtures"] in packages/api/.trestlerc.toml skips every fixtures directory under packages/api/. It does not affect packages/web/fixtures/, because that path is outside the subtree where the rule was declared.

When a deeper .trestlerc.toml declares more entries, those entries are added to what the higher files already declared.

Consider this layout:

my-project

.trestlerc.toml skip-glob = ["**/dist/**"]

dist excluded by .trestlerc.toml

packages

api

.trestlerc.toml skip-glob = ["fixtures/**"]

dist excluded by /my-project/.trestlerc.toml

fixtures excluded by .trestlerc.toml

src

When Trestle scans packages/api, both skip-glob lists are active:

**/dist/** from the root .trestlerc.toml is anchored at the project root. It matches any dist directory anywhere under the root, so both dist and packages/api/dist are excluded.
fixtures/** from packages/api/.trestlerc.toml is anchored at packages/api. It resolves to packages/api/fixtures/** and excludes only that fixtures directory.

Example

A project-root .trestlerc.toml that emits SARIF to a file, excludes fixtures directories and all .example.env files in the docs directory, and includes remediation guidance (Pro):

output-format = "sarif"
output-file = "trestle.sarif"
explain = true

skip-directory-names = ["fixtures"]
skip-glob = ["docs/**/*.example.env"]