cc_audit/
lib.rs

1//! cc-audit - Security scanner for Claude Code configurations.
2//!
3//! This crate is organized into the following 7-layer architecture:
4//!
5//! - **L1 (input/)**: Input handling (CLI, stdin)
6//! - **L2 (config/)**: Configuration loading and validation
7//! - **L3 (discovery/)**: Target file discovery and filtering
8//! - **L4 (parser/)**: Content parsing for various file formats
9//! - **L5 (engine/)**: Detection engine and rule matching
10//! - **L6 (aggregator/)**: Result aggregation and scoring
11//! - **L7 (output/)**: Output formatting and reporting
12//!
13//! Cross-cutting modules:
14//! - **rules/**: Rule definitions and custom rules
15//! - **external/**: External integrations (hooks, MCP, watch)
16//! - **runtime/**: Execution control and pipeline (v1.x skeleton)
17//! - **types/**: Common type definitions
18
19// ============================================
20// 7-Layer Architecture Modules
21// ============================================
22
23// L1: Input Layer
24pub mod cli;
25pub mod client;
26pub mod input;
27
28// L2: Configuration Layer
29pub mod config;
30pub mod profile;
31
32// L3: Discovery Layer
33pub mod discovery;
34pub mod ignore;
35
36// L4: Parser Layer
37pub mod parser;
38
39// L5: Detection Engine Layer
40pub mod context;
41pub mod cve_db;
42pub mod deobfuscation;
43pub mod engine;
44pub mod malware_db;
45pub mod rules;
46pub mod suppression;
47
48// L6: Aggregation Layer
49pub mod aggregator;
50pub mod baseline;
51pub mod scoring;
52
53// L7: Output Layer
54pub mod output;
55pub mod reporter;
56
57// ============================================
58// Cross-Cutting Modules
59// ============================================
60
61pub mod error;
62pub mod external;
63pub mod runtime;
64pub mod types;
65
66// External integrations
67pub mod fix;
68pub mod hooks;
69pub mod mcp_server;
70pub mod pinning;
71pub mod remote;
72pub mod trusted_domains;
73pub mod watch;
74
75// Legacy modules (for backward compatibility)
76pub mod handlers;
77pub mod hook_mode;
78pub mod run;
79pub mod scanner;
80
81#[cfg(test)]
82pub mod test_utils;
83
84// ============================================
85// Re-exports for Public API
86// ============================================
87
88// L1: Input
89pub use cli::{BadgeFormat, Cli, OutputFormat, ScanType};
90pub use client::{
91    ClientType, DetectedClient, detect_client, detect_installed_clients, list_installed_clients,
92};
93
94// L2: Configuration
95pub use config::{Config, ConfigError, TextFilesConfig, WatchConfig};
96pub use profile::{Profile, profile_from_cli};
97
98// L3: Discovery
99pub use discovery::{DirectoryWalker, WalkConfig};
100pub use ignore::IgnoreFilter;
101
102// L4: Parser
103pub use parser::{
104    ContentParser, ContentType, DockerfileParser, FrontmatterParser, JsonParser, MarkdownParser,
105    ParsedContent, ParserRegistry, TomlParser, YamlParser,
106};
107
108// L5: Detection Engine
109pub use context::{ContentContext, ContextDetector};
110pub use cve_db::{CveDatabase, CveDbError, CveEntry};
111pub use deobfuscation::{DecodedContent, Deobfuscator};
112pub use engine::traits::{AnalysisMetadata, AnalysisResult, DetectionEngine, EngineConfig};
113pub use engine::{
114    CommandScanner, ContentScanner, DependencyScanner, DockerScanner, HookScanner, McpScanner,
115    PluginScanner, RulesDirScanner, ScanError, Scanner, ScannerConfig, SkillScanner,
116    SubagentScanner,
117};
118pub use malware_db::{MalwareDatabase, MalwareDbError};
119pub use rules::{
120    Confidence, CustomRuleError, CustomRuleLoader, DynamicRule, Finding, RuleEngine, RuleSeverity,
121    ScanResult, Severity, Summary,
122};
123
124// L6: Aggregation
125pub use aggregator::{FindingCollector, SummaryBuilder};
126pub use baseline::{Baseline, DriftEntry, DriftReport};
127pub use scoring::{CategoryScore, RiskLevel, RiskScore, SeverityBreakdown};
128
129// L7: Output
130pub use output::OutputFormatter;
131pub use reporter::{
132    Reporter, html::HtmlReporter, json::JsonReporter, markdown::MarkdownReporter,
133    sarif::SarifReporter, terminal::TerminalReporter,
134};
135
136// Runtime & Orchestration
137pub use run::{
138    ScanMode, WatchModeResult, format_result, is_text_file, is_text_file_with_config, run_scan,
139    scan_path_with_cve_db, scan_path_with_malware_db, setup_watch_mode, watch_iteration,
140};
141pub use runtime::{HookRunner, Pipeline, PipelineStage, ScanContext, ScanExecutor};
142
143// External Integrations
144pub use error::{AuditError, Result};
145pub use fix::{AutoFixer, Fix, FixResult};
146pub use hooks::{HookError, HookInstaller};
147pub use mcp_server::McpServer;
148pub use pinning::{PinMismatch, PinVerifyResult, PinnedTool, ToolPins};
149pub use remote::{ClonedRepo, GitCloner, RemoteError, parse_github_url};
150pub use trusted_domains::{TrustedDomain, TrustedDomainMatcher};
151pub use types::{AuthToken, FileHash, GitRef, PathValidationError, RuleId, ScanTarget};
152pub use watch::FileWatcher;
cc_audit/lib.rs

cc_audit/
lib.rs
