cordance-scan

Deterministic repository scanner. Classifies every file by path + filename, blocks runtime exhaust, and produces source records for the Cordance IR.

Part of the Cordance workspace.

Discoverability

Search terms: Cordance scanner, repository scanner, deterministic file classification, source records, blocked surfaces, secret filename guard, AI agent context inventory.

What it does

cordance-scan walks a target directory, hashes every file, and assigns each one a SourceClass taxonomy bucket (e.g. ProjectAdr, EngineeringDoctrinePrinciple, ProjectAgentFile, BlockedSurface). Classification is content-agnostic by design — it never reads prose to decide what something is, only path and filename.

Block rules cover:

• Runtime exhaust: .cordance/, .git/, .claude/{cache,sessions,…}, .codex/{cache,sessions}, node_modules/, target/, __pycache__/, ….
• Secrets / credential filenames: id_rsa, secrets.json, .env, Credentials.*, anything starting with secret or matching the .secret. substring pattern.
• OS junk: .DS_Store, Thumbs.db.

Case folding (lowercase comparison key) keeps SECRET-FOO.TXT blocked alongside secret-foo.txt on default-case-insensitive NTFS / APFS.

Install

[dependencies]
cordance-scan = "0.1"

Quick start

use camino::Utf8PathBuf;

let target = Utf8PathBuf::from(".");
let sources = cordance_scan::scan_repo(&target).expect("scan succeeds");

for record in &sources {
    if record.blocked {
        eprintln!("blocked: {} ({})", record.path, record.blocked_reason.as_deref().unwrap_or("?"));
    } else {
        println!("{:?}: {} ({} bytes)", record.class, record.path, record.size_bytes);
    }
}

See also

• Cordance project README
• cordance-core — defines SourceClass / SourceRecord.
• cordance-cli — cordance scan subcommand wraps this crate.

License

Dual-licensed under MIT OR Apache-2.0.