agent-shield 0.8.0

Security scanner for AI agent extensions — offline-first, multi-framework, SARIF output
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

use std::path::Path;

use serde::Serialize;

use crate::error::Result;
use crate::rules::policy::PolicyVerdict;
use crate::rules::Finding;

/// A finding entry with an attached fingerprint for JSON output.
#[derive(Serialize)]
struct FindingWithFingerprint<'a> {
    #[serde(flatten)]
    finding: &'a Finding,
    fingerprint: String,
}

#[derive(Serialize)]
struct JsonReport<'a> {
    findings: Vec<FindingWithFingerprint<'a>>,
    verdict: &'a PolicyVerdict,
}

/// Render findings as a JSON report, with a `fingerprint` field on each finding.
pub fn render(findings: &[Finding], verdict: &PolicyVerdict, scan_root: &Path) -> Result<String> {
    let findings_with_fp: Vec<FindingWithFingerprint<'_>> = findings
        .iter()
        .map(|f| FindingWithFingerprint {
            finding: f,
            fingerprint: f.fingerprint(scan_root),
        })
        .collect();

    let report = JsonReport {
        findings: findings_with_fp,
        verdict,
    };

    let json = serde_json::to_string_pretty(&report)?;
    Ok(json)
}