raxit-core 0.1.0

Core security scanning engine for AI agent applications

RAXIT Core - Runtime AI eXecution Integrity & Trust

Core security scanning engine, written in Rust, for AI agent applications. Provides high-performance static analysis, security vulnerability detection, and compliance validation for AI agent codebases.

Features

  • Fast AST Parsing: Uses tree-sitter for high-performance Python code analysis
  • Framework Detection: Automatically detects PydanticAI, LangGraph, CrewAI, AutoGen, Swarm
  • Security Analysis: 4 built-in analyzers for comprehensive security coverage
  • Incremental Scanning: File-level caching for fast re-scans
  • Multi-format Output: JSON and YAML serialization support

Security Analyzers

  1. Trust Boundary Analyzer - Meta's "Rule of Two" for unsafe component detection
  2. Secret Detection - Find exposed API keys, credentials, and sensitive data
  3. Memory Detection - Track vector stores, databases, and persistence layers
  4. Network Detection - Identify HTTP calls, API clients, and external communications
  5. Data Provenance - CaMeL-style taint analysis for data flow tracking

Quick Start

use raxit_core::{scan, RaxitError, ScanConfig};

fn main() -> Result<(), RaxitError> {
    // Scan a directory for AI agent code
    let config = ScanConfig::default()
        .with_path("./my-agent-project")
        .with_format("yaml");

    let result = scan(config)?;

    // Access discovered assets
    println!("Found {} agents", result.agents.len());
    println!("Found {} tools", result.tools.len());
    println!("Secret findings: {}", result.secret_findings.len());

    // Serialize to YAML
    println!("{}", result.to_yaml()?);
    Ok(())
}

Advanced Usage

use raxit_core::{scan, RaxitError, ScanConfig};

fn main() -> Result<(), RaxitError> {
    // Create a custom configuration
    let config = ScanConfig::new("./agents")
        .with_format("json");

    // Run scan
    let result = scan(config)?;

    // Access specific findings (prints the finding's type and severity)
    for finding in &result.secret_findings {
        println!("Secret detected: {} (severity: {})",
            finding.secret_type, finding.severity);
    }

    // Check for critical issues
    let critical_secrets = result.secret_findings
        .iter()
        .filter(|s| s.severity == "critical")
        .count();

    let critical_flows = result.provenance_findings
        .iter()
        .filter(|p| p.severity == "critical")
        .count();

    println!("Found {} critical security issues", critical_secrets + critical_flows);
    Ok(())
}