Configuration
Configuration File
Sandtrace looks for a configuration file at `~/.sandtrace/config.toml`, or at `.sandtrace.toml` in the project root.
# Sample Sandtrace configuration: scan targets, detection-module toggles,
# and watch-mode settings.
[scan]
# Directories to scan (defaults to current directory)
# TOML does not expand "~"; resolving it to the home directory is up to
# Sandtrace when it reads these strings.
paths = ["~/projects", "~/code"]
# Maximum file size to scan (in bytes)
# 1048576 bytes = 1 MiB. Presumably larger files are skipped rather than
# truncated; confirm, since a skipped file gets no detection coverage.
max_file_size = 1048576
# Enable or disable specific detection modules
# All five modules are switched on in this sample.
# NOTE(review): Sandtrace also reads a project-root .sandtrace.toml, and
# precedence between the two locations is not stated here. Confirm whether
# a repository-supplied file can set these toggles to false.
[modules]
credentials = true
mcp_config = true
supply_chain = true
git_templates = true
obfuscation = true
[watch]
# Paths to monitor in watch mode
# These look like per-user configuration directories of AI coding tools;
# verify the list against the tools actually installed.
paths = ["~/.claude", "~/.cursor", "~/.continue", "~/.windsurf"]
# Debounce interval in milliseconds
# Presumably file events arriving within this window are coalesced into
# one scan; confirm against the watch-mode implementation.
debounce_ms = 500
Environment Variables
- `SANDTRACE_CONFIG` — Path to config file
- `SANDTRACE_LOG` — Log level (trace, debug, info, warn, error)
- `SANDTRACE_NO_COLOR` — Disable colored output