securegit 0.8.5

Zero-trust git replacement with 12 built-in security scanners, LLM redteam bridge, universal undo, durable backups, and a 50-tool MCP server
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

use crate::core::Finding;
use async_trait::async_trait;
use std::path::Path;
use thiserror::Error;

#[derive(Error, Debug)]
pub enum PluginError {
    #[error("Plugin initialization failed: {0}")]
    InitializationFailed(String),

    #[error("Scan failed: {0}")]
    ScanFailed(String),

    #[error("IO error: {0}")]
    Io(#[from] std::io::Error),

    #[error("Configuration error: {0}")]
    Config(String),
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ScanPhase {
    PreExtract,
    PostExtract,
    GitInternals,
    PreCommit,
    PrePush,
    All,
}

pub struct ScanContext<'a> {
    pub path: &'a Path,
    pub scan_phase: ScanPhase,
    pub file_content: Option<&'a [u8]>,
    pub metadata: std::collections::HashMap<String, String>,
}

pub struct PluginReport {
    pub plugin_name: String,
    pub findings: Vec<Finding>,
    pub scanned_files: usize,
    pub duration_ms: u64,
}

impl PluginReport {
    pub fn new(name: String) -> Self {
        Self {
            plugin_name: name,
            findings: Vec::new(),
            scanned_files: 0,
            duration_ms: 0,
        }
    }
}

#[async_trait]
pub trait SecurityPlugin: Send + Sync {
    fn name(&self) -> &str;
    fn version(&self) -> &str;
    fn description(&self) -> &str;
    fn scan_phase(&self) -> ScanPhase;

    async fn initialize(&mut self) -> Result<(), PluginError>;
    async fn scan(&self, context: &ScanContext<'_>) -> Result<PluginReport, PluginError>;
    async fn cleanup(&mut self) -> Result<(), PluginError> {
        Ok(())
    }
}