Skip to main content

cc_audit/
lib.rs

1//! cc-audit - Security scanner for Claude Code configurations.
2//!
3//! This crate is organized into the following 7-layer architecture:
4//!
5//! - **L1 (input/)**: Input handling (CLI, stdin)
6//! - **L2 (config/)**: Configuration loading and validation
7//! - **L3 (discovery/)**: Target file discovery and filtering
8//! - **L4 (parser/)**: Content parsing for various file formats
9//! - **L5 (engine/)**: Detection engine and rule matching
10//! - **L6 (aggregator/)**: Result aggregation and scoring
11//! - **L7 (output/)**: Output formatting and reporting
12//!
13//! Cross-cutting modules:
14//! - **rules/**: Rule definitions and custom rules
15//! - **external/**: External integrations (hooks, MCP, watch)
16//! - **runtime/**: Execution control and pipeline (v1.x skeleton)
17//! - **types/**: Common type definitions
18
19// ============================================
20// 7-Layer Architecture Modules
21// ============================================
22
23// L1: Input Layer
24pub mod cli;
25pub mod client;
26pub mod input;
27
28// L2: Configuration Layer
29pub mod config;
30pub mod profile;
31
32// L3: Discovery Layer
33pub mod discovery;
34pub mod ignore;
35
36// L4: Parser Layer
37pub mod parser;
38
39// L5: Detection Engine Layer
40pub mod context;
41pub mod cve_db;
42pub mod deobfuscation;
43pub mod engine;
44pub mod homoglyph;
45pub mod line_join;
46pub mod malware_db;
47pub mod rules;
48pub mod suppression;
49
50// L6: Aggregation Layer
51pub mod aggregator;
52pub mod baseline;
53pub mod scoring;
54
55// L7: Output Layer
56pub mod output;
57pub mod reporter;
58
59// ============================================
60// Cross-Cutting Modules
61// ============================================
62
63pub mod error;
64pub mod external;
65pub mod runtime;
66pub mod types;
67
68// External integrations
69pub mod feedback;
70pub mod fix;
71pub mod hooks;
72pub mod mcp_server;
73pub mod pinning;
74pub mod proxy;
75pub mod remote;
76pub mod sbom;
77pub mod trusted_domains;
78pub mod watch;
79
80// Legacy modules (for backward compatibility)
81pub mod handlers;
82pub mod hook_mode;
83pub mod run;
84
85#[deprecated(
86    since = "3.2.0",
87    note = "Use `crate::engine` instead. This module will be removed in v4.0.0. \
88            See migration guide in `src/scanner/mod.rs`."
89)]
90pub mod scanner;
91
92#[cfg(test)]
93pub mod test_utils;
94
95// ============================================
96// Re-exports for Public API
97// ============================================
98
99// L1: Input
100pub use cli::{
101    BadgeFormat, CheckArgs, Cli, Commands, HookAction, OutputFormat, ProxyArgs, ScanType,
102};
103pub use client::{
104    ClientType, DetectedClient, detect_client, detect_installed_clients, list_installed_clients,
105};
106
107// L2: Configuration
108pub use config::{Config, ConfigError, ConfigLoadResult, TextFilesConfig, WatchConfig};
109pub use profile::{Profile, profile_from_check_args};
110
111// L3: Discovery
112pub use discovery::{DirectoryWalker, WalkConfig};
113pub use ignore::IgnoreFilter;
114
115// L4: Parser
116pub use parser::{
117    ContentParser, ContentType, DockerfileParser, FrontmatterParser, JsonParser, MarkdownParser,
118    ParsedContent, ParserRegistry, TomlParser, YamlParser,
119};
120
121// L5: Detection Engine
122pub use context::{ContentContext, ContextDetector};
123pub use cve_db::{CveDatabase, CveDbError, CveEntry};
124pub use deobfuscation::{DecodedContent, Deobfuscator};
125pub use engine::traits::{AnalysisMetadata, AnalysisResult, DetectionEngine, EngineConfig};
126pub use engine::{
127    CommandScanner, ContentScanner, DependencyScanner, DockerScanner, HookScanner, McpScanner,
128    PluginScanner, RulesDirScanner, ScanError, Scanner, ScannerConfig, SkillScanner,
129    SubagentScanner,
130};
131pub use malware_db::{MalwareDatabase, MalwareDbError};
132pub use rules::{
133    Confidence, CustomRuleError, CustomRuleLoader, DynamicRule, Finding, RuleEngine, RuleSeverity,
134    ScanResult, Severity, Summary,
135};
136
137// L6: Aggregation
138pub use aggregator::{FindingCollector, SummaryBuilder};
139pub use baseline::{Baseline, DriftEntry, DriftReport};
140pub use scoring::{CategoryScore, RiskLevel, RiskScore, SeverityBreakdown};
141
142// L7: Output
143pub use output::OutputFormatter;
144pub use reporter::{
145    Reporter, html::HtmlReporter, json::JsonReporter, markdown::MarkdownReporter,
146    sarif::SarifReporter, terminal::TerminalReporter,
147};
148
149// Runtime & Orchestration
150pub use run::{
151    ScanMode, WatchModeResult, format_result_check_args, format_result_with_config, is_text_file,
152    is_text_file_with_config, run_scan_with_check_args, run_scan_with_check_args_config,
153    scan_path_with_cve_db, scan_path_with_malware_db, setup_watch_mode, watch_iteration,
154};
155pub use runtime::{HookRunner, Pipeline, PipelineStage, ScanContext, ScanExecutor};
156
157// External Integrations
158pub use error::{AuditError, Result};
159pub use feedback::{FalsePositiveReport, ReportSubmitter, SubmitResult, SubmitTarget};
160pub use fix::{AutoFixer, Fix, FixResult};
161pub use hooks::{HookError, HookInstaller};
162pub use mcp_server::McpServer;
163pub use pinning::{PinMismatch, PinVerifyResult, PinnedTool, ToolPins};
164pub use proxy::{InterceptAction, MessageInterceptor, ProxyConfig, ProxyLogger, ProxyServer};
165pub use remote::{ClonedRepo, GitCloner, RemoteError, parse_github_url};
166pub use sbom::{
167    Component, ComponentType, CycloneDxBom, DependencyExtractor, SbomBuilder, SbomFormat,
168};
169pub use trusted_domains::{TrustedDomain, TrustedDomainMatcher};
170pub use types::{AuthToken, FileHash, GitRef, PathValidationError, RuleId, ScanTarget};
171pub use watch::FileWatcher;