dsfb-gray 0.1.0

DSFB-Gray Structural Semiotics Engine: Deterministic Rust crate auditing with structural code-quality interpretation, assurance scoring, and attestation export. Core observer modules remain no_std-compatible when built without the default std feature.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

# DSFB Gray Architecture

## Purpose

`dsfb-gray` combines a deterministic runtime observer with a broad static crate
audit and portable attestation outputs. The project is intentionally broad: the
goal is to help Rust developers improve code quality while preserving
standards- and certification-relevant review signals in one place.

## Main Layers

### 1. Runtime Observer

The runtime observer accepts immutable `ResidualSample` values and derives:

- residual sign
- drift
- slew
- admissibility-envelope position
- grammar state
- reason code
- optional audit-trace events

This layer is the core deterministic interpretation engine.

### 2. Static Crate Audit

The static scanner walks a crate tree and emits one canonical broad audit that
includes:

- safety and panic surface signals
- verification and governance evidence
- Power-of-Ten-inspired review rules
- advanced structural checks
- heuristic provenance motifs
- score and subscores
- remediation and verification guidance

The audit is designed as a review-improvement instrument, not a compliance
certificate.

### 3. Static-To-Runtime Bridge

The scanner can derive bounded structural priors from static findings. Those
priors bias runtime interpretation conservatively without overriding runtime
evidence.

### 4. Attestation and Evidence Export

The scanner exports:

- text reports
- SARIF findings
- in-toto statements
- DSSE envelopes

These artifacts support CI retention, review traceability, and supply-chain
portability.

## Canonical Flow

1. Source motifs are scanned into a canonical broad audit.
2. The audit produces findings, evidence IDs, score, and subscores.
3. Optional static priors are derived from those findings.
4. Runtime telemetry is interpreted by the observer.
5. Runtime results and static artifacts can be retained together.

## Non-Certification Boundary

DSFB keeps standards- and certification-relevant checks in scope, but the crate
does not claim literal compliance or certification. The audit approximates
review surfaces and helps maintainers improve readiness and code quality.