
[FEATURE] Inline suppression (# codelens-ignore) — cross-language annotation (3 workers converged) #50

Description

@Wolfvin

Summary

Add inline suppression comments (# codelens-ignore, // codelens-ignore, /* codelens-ignore */, <!-- codelens-ignore -->) so users can silence false positives at line level. Suppressed findings remain in registry with status: suppressed for audit. SARIF suppressions field populated per spec.

Worker consensus (3 reports — identical proposal)

| Worker | Source | Detail |
| --- | --- | --- |
| UBS | update!/CodeLens_UBS_Upgrade_Analysis.md #1 | `# codelens-ignore`, `// codelens-ignore-next-line`, optional rule-id list + `-- reason` text. Cross-language (Python, JS/TS/C/C++/Java/Rust/Go/Swift, Ruby, HTML, CSS). P0 quick win. Critical: audit ALL count pipelines (UBS bug #51 had 21 bypass patterns missed in v5.3.0). |
| Opengrep | update!/CodeLens_Opengrep_Upgrade_Analysis.md #35 | Same syntax, default keyword `codelens-ignore` (more brandable than `nosem`). `--codelens-ignore-pattern <regex>` for custom keyword (e.g. nosemgrep compat). SARIF `suppressions` field per spec. |
| Semgrep | update!/CodeLens_Upgrade_Issues_from_Semgrep.md CL-011 | `# nolens` and Semgrep-compatible `# nosemgrep` for ecosystem compat. Multi-language comment syntax. `--disable-nolens` enforces strict CI policy. Stats: `{suppressed: N, by_rule: {...}}`. |

Proposed scope (P1, 3-5 days)

  • Default keyword: codelens-ignore (brandable) + accept nolens / nosemgrep as aliases
  • Syntax variants:
    • `// codelens-ignore: rule-id-1, rule-id-2 -- reason` (suppress specific rules with reason)
    • `// codelens-ignore` (suppress all rules on line)
    • /* codelens-ignore-next: rule-id */ on line before finding (multi-line)
  • Per-language comment detection via existing tree-sitter comment nodes
  • For fallback regex parsers: scan finding line + 1 prior line
  • Suppressed findings stored with finding.suppressed = true, finding.suppressed_rules = [...], finding.suppressed_reason = "..."
  • Filter at output layer (not engine layer) for auditability
  • --codelens-ignore-pattern <regex> for custom keyword
  • --disable-suppression flag for strict CI policy
  • SARIF suppressions field populated

Acceptance criteria

  • Works in Python, JS, TS, Rust, Go, Java, C, C++, Ruby, PHP, HTML, CSS (12 languages)
  • Suppressed findings appear in --format json output with status: suppressed
  • SARIF output uses suppressions field
  • 30+ test cases (per UBS guidance to avoid count-pipeline bypass bug)
  • --disable-suppression exits non-zero if any suppressed finding has severity ≥ high

Critical implementation note (from UBS)

UBS had a production bug (#51) where 21 bypass patterns were missed in v5.3.0 because count pipelines weren't audited. Audit ALL count pipelines in CodeLens (smell.stats.total_findings, secrets.stats.findings_count, taint.stats.violations, etc.) to ensure suppressed findings are counted as suppressed, not as active.
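Worked example of the flow the proposed scope and the UBS note describe: parse the suppression comment in the regex-fallback path, mark the finding rather than drop it, and count suppressed findings in their own bucket so they never inflate the active total. This is added illustration in Python, not the project's `scripts/suppression.py` or any CodeLens code; the regex, the `Finding` shape, the sample snippet and its rule ids are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Added illustration, not the project's scripts/suppression.py. Parses the proposed
# "<keyword>[-next][: rule-a, rule-b] [-- reason]" in #, //, /* */ and <!-- --> comments.
def compile_pattern(keyword=r"codelens-ignore|nolens|nosemgrep"):  # --codelens-ignore-pattern
    return re.compile(
        r"(?:#|//|/\*|<!--)\s*(?:" + keyword + r")(?P<next>-next(?:-line)?)?"
        r"(?::\s*(?P<rules>[\w.\-]+(?:\s*,\s*[\w.\-]+)*))?"
        r"(?:\s+--\s+(?P<reason>.*?))?\s*(?:\*/|-->)?\s*$")

@dataclass
class Finding:
    line: int
    rule_id: str
    suppressed: bool = False  # the three suppression fields named in the proposed scope
    suppressed_rules: list = field(default_factory=list)
    suppressed_reason: str = ""

def collect_suppressions(source, pattern=compile_pattern()):
    """Regex fallback path: target line -> (rule list, reason); [] means every rule."""
    out = {}
    for n, text in enumerate(source.splitlines(), start=1):
        if m := pattern.search(text):
            rules = [r.strip() for r in m["rules"].split(",")] if m["rules"] else []
            out[n + 1 if m["next"] else n] = (rules, (m["reason"] or "").strip())
    return out

def apply_suppressions(findings, suppressions):
    """Mark, never drop: suppressed findings stay in the result for audit."""
    for f in findings:
        rules, reason = suppressions.get(f.line, (None, ""))
        if rules is not None and (not rules or f.rule_id in rules):
            f.suppressed, f.suppressed_rules, f.suppressed_reason = True, rules, reason
    return findings

def stats(findings):
    """Count pipeline: suppressed findings never land in the active total."""
    by_rule = dict(Counter(f.rule_id for f in findings if f.suppressed))
    return {"total_findings": sum(not f.suppressed for f in findings),
            "suppressed": sum(by_rule.values()), "by_rule": by_rule}

SAMPLE = """os.system(cmd)  # codelens-ignore: cmd-injection -- cmd is a constant
pw = "hunter2"  // nosemgrep
el.innerHTML = data;  /* codelens-ignore: xss */
<!-- codelens-ignore-next: inline-script -- vetted template -->
<script>eval(z)</script>"""
FINDINGS = [Finding(1, "cmd-injection"), Finding(1, "shell-true"), Finding(2, "hardcoded-secret"),
            Finding(3, "xss"), Finding(5, "inline-script"), Finding(5, "eval")]  # constructed sample
```

On the sample, `shell-true` on line 1 and `eval` on line 5 stay active because the rule lists on those lines do not name them, while the four suppressed findings remain in the list with their reason attached.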

Files

  • New scripts/suppression.py
  • Update all engine _build_result methods to populate suppression fields
  • Update scripts/formatters/sarif.py for suppressions field
  • Update scripts/codelens.py for --codelens-ignore-pattern and --disable-suppression flags
  • New tests/test_suppression.py with 30+ cases
