repo-trust 0.1.1

A command-line tool that tells you whether an open-source repository deserves your trust — beyond the star count.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

use serde::{Deserialize, Serialize};
use std::collections::BTreeMap;

/// Confidence band. Three values — see ADR-0008.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub enum Confidence {
    Low,
    Medium,
    High,
}

/// Five-bucket category derived from the overall score.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub enum Category {
    /// 85–100 — multiple modules score high, no significant warnings.
    Strong,
    /// 70–84 — generally healthy.
    Good,
    /// 50–69 — notable strengths and notable weaknesses.
    Mixed,
    /// 30–49 — significant concerns across multiple modules.
    Weak,
    /// 0–29 — strong negative signals; treat as suspicious.
    HighRisk,
}

impl Category {
    /// Bucket a score into a category.
    #[must_use]
    pub const fn from_score(score: u8) -> Self {
        match score {
            85..=100 => Self::Strong,
            70..=84 => Self::Good,
            50..=69 => Self::Mixed,
            30..=49 => Self::Weak,
            _ => Self::HighRisk,
        }
    }
}

/// Default + configurable module weights. See ADR-0006 for the v1 defaults.
#[derive(Debug, Clone, Copy, Serialize, Deserialize)]
pub struct ModuleWeights {
    pub stars: f64,
    pub activity: f64,
    pub maintainers: f64,
    pub adoption: f64,
    pub security: f64,
}

impl Default for ModuleWeights {
    fn default() -> Self {
        Self {
            stars: 0.20,
            activity: 0.25,
            maintainers: 0.20,
            adoption: 0.20,
            security: 0.15,
        }
    }
}

impl ModuleWeights {
    /// Sum of all module weights. Should be ≈1.0; we don't enforce strictly
    /// because users may want to disable modules entirely (weight 0).
    #[must_use]
    pub fn total(&self) -> f64 {
        self.stars + self.activity + self.maintainers + self.adoption + self.security
    }
}

/// Result from a single module's scorer.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ModuleResult {
    pub module: String,

    /// 0–100
    pub score: u8,

    pub confidence: Confidence,

    /// Named sub-scores (e.g. for stars: low_activity_share, lockstep_timing).
    pub sub_scores: BTreeMap<String, u8>,

    /// For sample-based modules: actual sample size achieved.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub sample_size: Option<usize>,

    /// Inputs we expected but didn't get.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub missing_data: Vec<String>,
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn category_buckets() {
        assert_eq!(Category::from_score(100), Category::Strong);
        assert_eq!(Category::from_score(85), Category::Strong);
        assert_eq!(Category::from_score(84), Category::Good);
        assert_eq!(Category::from_score(70), Category::Good);
        assert_eq!(Category::from_score(69), Category::Mixed);
        assert_eq!(Category::from_score(50), Category::Mixed);
        assert_eq!(Category::from_score(49), Category::Weak);
        assert_eq!(Category::from_score(30), Category::Weak);
        assert_eq!(Category::from_score(29), Category::HighRisk);
        assert_eq!(Category::from_score(0), Category::HighRisk);
    }

    #[test]
    fn default_weights_sum_to_one() {
        let w = ModuleWeights::default();
        let total = w.total();
        assert!((total - 1.0).abs() < 1e-9, "weights total = {total}");
    }

    #[test]
    fn confidence_orders_correctly() {
        assert!(Confidence::Low < Confidence::Medium);
        assert!(Confidence::Medium < Confidence::High);
    }
}