agent-shield 0.8.0

Security scanner for AI agent extensions — offline-first, multi-framework, SARIF output
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

use serde::{Deserialize, Serialize};
use std::path::PathBuf;

use super::SourceLocation;

/// Dependency information extracted from lockfiles and manifests.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct DependencySurface {
    /// Parsed dependencies.
    pub dependencies: Vec<Dependency>,
    /// Lockfile information.
    pub lockfile: Option<LockfileInfo>,
    /// Issues found in dependency analysis.
    pub issues: Vec<DependencyIssue>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Dependency {
    pub name: String,
    pub version_constraint: Option<String>,
    pub locked_version: Option<String>,
    pub locked_hash: Option<String>,
    /// "pypi", "npm", etc.
    pub registry: String,
    pub is_dev: bool,
    pub location: Option<SourceLocation>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LockfileInfo {
    pub path: PathBuf,
    pub format: LockfileFormat,
    pub all_pinned: bool,
    pub all_hashed: bool,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum LockfileFormat {
    PipRequirements,
    PipenvLock,
    PoetryLock,
    UvLock,
    NpmLock,
    PnpmLock,
    YarnLock,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DependencyIssue {
    pub issue_type: DependencyIssueType,
    pub package_name: String,
    pub description: String,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum DependencyIssueType {
    Unpinned,
    NoHash,
    PossibleTyposquat,
    NoLockfile,
}